FBI: Ransomware gangs hit several tribal sites last year

January 18th 2023

The FBI Cyber Division said in a private industry notice released earlier this week that ransomware gangs attacked several tribal-owned casinos, taking down their systems and disabling connected systems.

These attacks are part of a long series of similar incidents in 2016 that have been estimated to have cost millions of dollars in recent months.

Ransomware-affected casinos have been forced to close their gambling halls as well as restaurants, hotels and gas stations, resulting in significant revenue losses because they could provide only limited or no services to customers while their systems were being restored.

According to the FBI, limited cyber-investigative capabilities and law enforcement resources are likely among the reasons ransomware groups see American tribes as desirable targets.

Ransomware gangs that coordinated attacks on tribal communities include REvil (Sodinokibi), Bitpaymer, Ryuk, Conti, Snatch and Cuba.

As a result of these incidents, the tribal entities have faced business disruption, confidential data theft and financial losses.

Ransomware also hits tribal emergency and healthcare systems

The FBI also said these ransomware attacks affected tribal businesses and government services, including tribal governments, medical and emergency service providers, and schools.

The impact of the attacks varied by tribe, but in at least one case, ransomware operators disrupted the tribe’s police department computer system, emergency services, and healthcare systems.

One example is the ransomware attack that hit and destroyed the Eastern Band of Cherokee Indians (EBCI) network in December 2019.

Law enforcement officers later arrested and charged a tribal employee with a cyberattack following an investigation by the Cherokee Indian Police Department with support from the FBI’s Cyber Security Response Team, the NC Bureau of Investigation, and the US Department of Homeland Security.

Seeing that the frequency of ransomware attacks and ransom demands has slowly but steadily increased over the past couple of years, tribal communities are likely to be hit even more as they have to redirect additional resources and funds to strengthen their cybersecurity defenses.

To show the extent of the financial losses that ransomware has been causing lately, last month the U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) identified approximately $5.2 billion of outgoing BTC transactions potentially related to ransomware payments.

On the same day, senior officials from more than 30 countries said their governments would take action against the cryptocurrency payment channels used by ransomware gangs to fund their operations.

Contributor

Read more from Viv Cutbush