
Jackpot Junction Casino Hotel, a tribal casino in Minnesota, was forced to shut down significant portions of its operations last month after falling victim to a cyberattack. Cybercriminal group RansomHub later claimed responsibility. The first signs of the attack began appearing on March 27, including issues with reservations and the hotel’s phone system. Matters continued to escalate until March 31, when the casino made an announcement on Facebook to explain the issue.
Many of the casino’s systems were taken offline, including the more than 1,000 slots on its gaming floor, though table games remained operational. In another Facebook update on April 4, the casino confirmed that it was still working on restoring service. Customers commenting on the post expressed concern about whether their personal data had been compromised.
The incident underscores the growing threat cybercriminals pose to the gaming industry.
According to the US Cybersecurity and Infrastructure Security Agency, RansomHub is a ransomware-as-a-service operation. It leases ransomware tools to affiliates who carry out attacks and then split the ransom profits with the developers. Since its inception in February 2024, RansomHub has claimed over 210 attacks. Its claimed victims include Rite Aid, Frontier Communications, and the Florida Department of Health. It’s unknown whether Jackpot Junction has paid a ransom.
Shutdown affected multiple casino and community systems
In a Facebook post on April 1, Robert “Deuce” Larsen, president of the Lower Sioux Indian Community council, confirmed the attack:
Jackpot Junction recently identified a cybersecurity incident involving unauthorized access to certain systems. We immediately activated our incident response protocols and took measures to contain the incident, including taking some systems offline.
We are working with third-party experts to address the incident, with the goal of returning to normal operations as quickly and as safely as possible. At this time, our systems remain offline.
We appreciate your patience and support. We apologize for it taking this long, but we will keep you updated as best we can.
In addition to disrupting casino and hotel operations, the shutdown affected tribal community systems. They included the phones at the Lower Sioux Health Care Center and the information center at the community’s Head Start educational program. The affected systems stayed offline until at least April 3. However, Jackpot Junction table games, bars, and restaurants remained operational.
Cyberattacks cost casinos millions, including $100m for MGM
The Jackpot Junction attack highlights the growing trend of cybercriminals targeting casinos. One of the most significant attacks occurred in September 2023, when MGM Resorts shut down some systems, as the Minnesota casino did, after a ransomware cyberattack. The disruptions lasted over a week. The company later revealed that they cost it over $100 million in lost profits. Two cybercriminal groups claimed responsibility: Scattered Spider for conducting the attack and ALPHV for providing the ransomware.
In the same month, Caesars Entertainment revealed in an SEC filing that it had suffered a similar cyberattack, allegedly also by ALPHV. While MGM refused to pay, Caesars reportedly paid the attackers a $15 million ransom.
Moreover, earlier that year, a ransomware attack shut down all 14 Ontario casinos operated by Gateway Casinos & Entertainment Limited. Meanwhile, an attack on Everi Holdings, which operates New York’s video lottery terminal network, forced Jake’s 58 in Long Island to close for three days.
Online platforms haven’t been immune, either. Around the same time in 2022, DraftKings, BetMGM, WSOP, and FanDuel all fell victim to cybercriminals.