Sault Tribe Refuses to Pay Ransomware Attackers as Kewadin Casinos Reopen

0
211

In a strong stance against cybercrime, Michigan’s Sault Ste. Marie Tribe of Chippewa Indians has confirmed its refusal to pay a ransom to hackers who targeted their Kewadin casino operations. The tribe has decided not to pay to recover the confidential data stolen by the cybercriminals.

Kewadin Casinos Reopen

The Sault Tribe’s five Kewadin casinos, which were disrupted for over two weeks following a ransomware attack on February 9, have now reopened. The attack had also affected other tribal services, including government offices and health clinics. The casinos began reopening in stages on February 26, and as of noon on March 12, all five are back to normal operations.

Decision to Not Pay Ransom

“Leadership worked with law enforcement groups, external cyber experts, and others to evaluate whether or not to pay that ransom,” explained the tribe’s chairman, Austin Lowes, on Facebook. “After much deliberation, we have determined there is no point in paying their ransom demand.”

Lowes added that the tribe’s IT team worked closely with external cybersecurity experts to combat the threat and eventually regain control of their systems, recovering almost all of their data. “There was no guarantee we would have received what was promised. We could have paid their ransom and still had our data shared on the dark web,” he stated.

Hackers’ Unusual Communication

In an unusual twist, the hackers wrote a letter to the local tribal newspaper, The Sault Tribe Guardian, expressing frustration over the lack of response from tribal leadership. The cybercriminals claimed to have stolen 100 gigabytes of confidential data and complained about not receiving any communication despite sending “detailed instructions via phone voicemails, corporate and personal emails, and internal network messages.” They emphasized that their motives were purely financial and not intended to harm the tribe.

RansomHub’s Involvement

DataBreaches.net reported that the global hacker group RansomHub claimed responsibility for the attack through a post on the Dark Web. RansomHub, known for using a “double-extortion model,” was one of the most active ransomware operators in 2024, with around 500 victims reported. This model involves extorting victims by encrypting systems and stealing data, then demanding payment.

Steps to Protect Affected Customers

“We’ve begun the process of reviewing that stolen information so we can reach out to those who have been impacted and provide free credit monitoring services,” Lowes said. He acknowledged that the review would take time as the team must manually review hundreds of thousands of documents to determine what information was stolen and who it belongs to.

In the meantime, Lowes urged those who believe they might be affected to take steps to protect themselves by:

  • Asking their credit card providers to monitor for suspicious behavior
  • Changing their passwords
  • Contacting credit reporting agencies to inform them of the attack

This decisive response from the Sault Ste. Marie Tribe of Chippewa Indians serves as a reminder of the importance of cybersecurity and the need to stand firm against cybercriminals.

Previous articleTribal-wide self-exclusion program to launch with support from national leaders
Next articleNHL Preview: Utah Hockey Club (27-25-9) vs. Detroit Red Wings (30-25-6)
Gaming Editor
Profile: A dedicated gaming‑industry analyst with a comprehensive understanding of the business, technology, and cultural forces shaping modern interactive entertainment. This columnist provides in‑depth coverage that blends market analysis, development trends, and player‑behavior insights to explain how studios, platforms, and emerging technologies influence the global gaming ecosystem. Background: With extensive experience covering the gaming sector, the columnist has contributed to major digital media outlets and industry publications, offering perspective on studio strategy, hardware innovation, esports growth, and the economics of game development. A background in journalism, analytics, and interactive media supports a methodical approach to evaluating industry shifts, tracking long‑term trends, and interpreting the impact of new technologies. Signature Coverage Areas: Market trends, platform strategy, and industry forecasting Game‑development pipelines, studio acquisitions, and publishing models Esports growth, competitive‑scene analysis, and organizational strategy Player‑engagement data, monetization models, and community dynamics Technological innovation, including AI, VR/AR, cloud gaming, and engine evolution Style & Approach: The writing emphasizes clarity, accuracy, and accessibility — translating complex business models, technical concepts, and market data into insights that resonate with both industry professionals and everyday players. Each column reflects a commitment to balanced reporting, thoughtful evaluation, and a deep appreciation for the creativity, innovation, and global reach of the gaming industry.