Do the casino ransomware attacks make the case to pay? The Register

Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains.
Despite the similar characters and plots, these two stories have disparate endings - and seem to suggest two very different takeaways to corporations confronted with extortionists' demands and the question of paying or not paying a ransom.
The first, Caesar Entertainment, owns more than 50 resorts and casinos in Las Vegas and 18 other US states, disclosed the intrusion in an 8-K form submitted to the SEC on September 7.
These steps are widely assumed to include paying a ransom - which was reportedly negotiated down to $15 million after an initial demand for $30 million.
Caesars did not respond to The Register's inquiries for this or previous stories about the ransomware infection.
From the outside, at least, it appears that Caesars suffered minimal pain and business disruption primarily because it decided to pay the ransom.
When looking at what ransomware payment end up funding, with all other things being equal, we'd assume most organizations would choose to not give in to extortion demands.
When looking at both casinos' outcomes, it appears as if the clear, less painful choice is to pay the ransom.
All of these also likely went into the casino exec's decision, said Megan Stifel, chief strategy officer for the Institute for Security and Technology and the executive director of the IST's Ransomware Task Force.
This is because it draws attention away from the two big issues that facilitate ransomware - and cybercrime in general, Stifel added.
There are a number of factors that play into a company's decision to pay or not pay a ransom, according to incident responders.
MGM Resorts attackers hit personal data jackpot, but house lost $100M Casino giant Caesars tells thousands: Yup, ransomware crooks stole your data Look out, Scattered Spider.
FBI pumps 'significant' resources into snaring data-theft crew US officials close to persuading allies to not pay off ransomware crooks.
If this includes health-care records, or data belonging to or about minors, they may be more inclined to pay the demand rather than have this information leaked, Kimberly Goody, head of cyber crime analysis at Mandiant, told The Register.
It also depends on the sector, because sometimes a ransomware infection can become a life-or-death situation.
Goody also noted the 2021 Colonial Pipeline attack and fuel shortage that ensued, as well as the oil company CEO's very public decision to pay the crooks.
Government sanctions are another outside factor likely to influence an organization's decision.
In addition to the ethical problems of paying criminals, and thus funding future cyberattacks on more victims, paying the extortionists may be illegal.
One cyber-crime crew that Mandiant tracks as UNC2165, which has ties to Evil Corp, began switching up the ransomware it deployed after the US sanctioned Evil Corp in 2019 over its development and use of Dridex malware.
These types of sanctions, and other coordinated efforts between governments that increase the cost of criminals doing business are what's needed to disrupt the ransomware ecosystem, according to IST's Stifel.


This Cyber News was published on go.theregister.com. Publication date: Thu, 28 Dec 2023 17:43:05 +0000


Cyber News related to Do the casino ransomware attacks make the case to pay? The Register

Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
11 months ago Go.theregister.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
11 months ago Theregister.com
Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
10 months ago Securityboulevard.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Rivers Casino customers, employees targeted by data breach - Customers at Rivers Casino in Des Plaines were targeted by a data breach of the casino's systems in August, the casino announced Thursday. The casino's internal networks were accessed on or around Aug. 12, and the casino discovered the breach Nov. 2. ...
1 year ago Chicagotribune.com
Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
10 months ago Techrepublic.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
11 months ago Securityboulevard.com
Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com
Ransomware, Data Breaches Inundate OT & Industrial Sector - Three-quarters of industrial firms suffered a ransomware attack in the past year, with far more compromises affecting operational technology than ever before - representing a surge in attacks driven by both the industrial sector's vulnerability and ...
1 year ago Darkreading.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
10 months ago Malwarebytes.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
11 months ago Blog.checkpoint.com
Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
11 months ago Unit42.paloaltonetworks.com
Anti-Ransomware Coalition Bound to Fail Without Key Adjustments - COMMENTARY. Ransomware is a pervasive issue affecting businesses of all sizes and industries, and the best way to respond remains hotly debated. While much fanfare coincided with the announcement of a US-led, 40-country coalition to collectively ...
11 months ago Darkreading.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
11 months ago Feeds.fortinet.com
'Sex life data' stolen from UK government among record number of ransomware attacks - Data on the sex lives of up to 10,000 people was stolen from a British government department in one of the record number of ransomware attacks to have hit Westminster in the first half of this year. It is not known which department the information ...
1 year ago Therecord.media
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
1 year ago Techtarget.com
Frameworks, Guidelines & Bounties Alone Won't Defeat Ransomware - COMMENTARY. The US government is ramping up efforts to stem the increasingly disruptive scourge of ransomware attacks. The State Department recently offered up to $15 million for information on LockBit, and $10 million for information on the ...
8 months ago Darkreading.com
Best Ransomware Protection Practices for Midsize Organizations - Ransomware Protection has emerged as a crucial step in cybersecurity since ransomware attacks have become a major threat to businesses of all sizes, including midsize organizations. Ransomware attacks can be delivered via email attachments or links, ...
11 months ago Securityboulevard.com
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
9 months ago Feeds.fortinet.com
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
7 months ago Bleepingcomputer.com
White House hosts Counter Ransomware Initiative summit, with a focus on not paying hackers - The third annual White House-led counter ransomware summit convening 48 countries, the European Union and Interpol launches in Washington today, featuring several new elements including a pledge from most member states not to pay ransoms and a ...
1 year ago Therecord.media
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
2 months ago Securelist.com
Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)