The Lower Sioux Indian Community warned residents on Wednesday that a cyberattack caused disruptions for the local healthcare facility, government center and casino. After days of reported technology outages, the federally recognized tribe, located in south central Minnesota, said it was forced to activate incident response protocols following a cybersecurity incident discovered on some systems connected to Jackpot Junction, the local casino controlled by the tribe.

The tribe "continued to take measures to contain the incident, including taking some systems offline (tribal phones, fax machines, and emails)," officials said in a social media post. The tribe provided temporary phone numbers for the local health center, the dental center and the retail optical facility as well as the local pharmacy.

Researchers from cybersecurity firm ESET said in a detailed report last week that the ransomware group has gained prominence by developing a special type of malware, called EDRKillShifter, designed to terminate, blind or crash the endpoint detection and response (EDR) security products typically installed on a victim's system. The group has also developed ties to other sophisticated ransomware gangs such as Play, Medusa and BianLian, with actors from each of those groups deploying EDRKillShifter, according to ESET.

Unlike other groups, the gang allows affiliates to receive the entire ransom payment in their own wallet and trusts them to forward the developers their 10% share, ESET noted.

“Affiliates are typically on their own to find ways to evade security products — some reuse existing tools, while more technically oriented ones modify existing proofs of concept or utilize EDR killers available as a service on the dark web.”
This Cyber News was published on therecord.media. Publication date: Wed, 02 Apr 2025 20:35:06 +0000