Ransomware Attack on Leech Lake Gaming by Cicada3301: 223 GB of Data Threatened

Incident Date: Jul 19, 2024

Attack Overview
VICTIM
Leech Lake Gaming
INDUSTRY
Hospitality
LOCATION
USA
ATTACKER
Cicada 3301
FIRST REPORTED
July 19, 2024

Ransomware Attack on Leech Lake Gaming by Cicada3301

Overview of Leech Lake Gaming

Leech Lake Gaming is a prominent gaming enterprise owned and operated by the Leech Lake Band of Ojibwe, a federally recognized Native American tribe in northern Minnesota. The company operates three casino resorts: Northern Lights Casino Hotel & Events Center in Walker, Minnesota, Palace Casino in Cass Lake, Minnesota, and White Oak Casino in Deer River, Minnesota. These establishments offer a variety of gaming options, including slot machines, table games, and poker rooms, along with hotel accommodations, restaurants, and entertainment venues. The gaming operations are a significant source of revenue for the tribe and provide employment opportunities for tribal members and the surrounding community.

Company Size and Economic Impact

Leech Lake Gaming employs between 130 and 1,000 individuals, with LinkedIn listing the employee count as 501-1,000. The company's annual revenue is estimated to be between $1 million and $100 million, reflecting its substantial operational scale. The gaming enterprise is managed by the Leech Lake Band of Ojibwe's Economic Development Division and is regulated by the National Indian Gaming Commission and the Leech Lake Gaming Commission. The company is recognized for its contributions to the local economy and community, providing employment opportunities and generating revenue that supports the tribe's social, educational, and healthcare programs.

Details of the Ransomware Attack

Leech Lake Gaming has fallen victim to a ransomware attack orchestrated by the notorious Cicada3301 group. The attackers claim to have exfiltrated 223 GB of sensitive data, including financial records, client information, and invoices. Cicada3301 has threatened to publish the stolen data if Leech Lake Gaming does not make contact with them, putting the company under significant pressure to respond. The attack highlights the vulnerabilities in the company's cybersecurity measures, making it a target for threat actors.

Profile of Cicada3301 Ransomware Group

Cicada3301 is a new ransomware gang that began making headlines in June 2024. The group has published data from four victims on its leak site, indicating its operational capabilities and intent to extort victims by threatening to release sensitive information if ransoms are not paid. Cicada3301's operations reflect common tactics used by ransomware groups, including the publication of victim data to pressure organizations into compliance. The group's activities are part of a broader trend where ransomware gangs exploit vulnerabilities and utilize leak sites to maximize their extortion efforts.

Cicada 3301

To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012-2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.

Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats.  For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.

We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.

Potential Penetration Methods

While specific details on how Cicada3301 penetrated Leech Lake Gaming's systems are not disclosed, common methods include exploiting unpatched software vulnerabilities, phishing attacks, and weak network security protocols. The attack underscores the importance of robust cybersecurity measures to protect sensitive data and prevent unauthorized access.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.