Ransomware Attack on Leech Lake Gaming by Cicada3301: 223 GB of Data Threatened

Incident Date:

July 19, 2024

World map

Overview

Title

Ransomware Attack on Leech Lake Gaming by Cicada3301: 223 GB of Data Threatened

Victim

Leech Lake Gaming

Attacker

Cicada 3301

Location

Cass Lake, USA

Minnesota, USA

First Reported

July 19, 2024

Ransomware Attack on Leech Lake Gaming by Cicada3301

Overview of Leech Lake Gaming

Leech Lake Gaming is a prominent gaming enterprise owned and operated by the Leech Lake Band of Ojibwe, a federally recognized Native American tribe in northern Minnesota. The company operates three casino resorts: Northern Lights Casino Hotel & Events Center in Walker, Minnesota, Palace Casino in Cass Lake, Minnesota, and White Oak Casino in Deer River, Minnesota. These establishments offer a variety of gaming options, including slot machines, table games, and poker rooms, along with hotel accommodations, restaurants, and entertainment venues. The gaming operations are a significant source of revenue for the tribe and provide employment opportunities for tribal members and the surrounding community.

Company Size and Economic Impact

Leech Lake Gaming employs between 130 and 1,000 individuals, with LinkedIn listing the employee count as 501-1,000. The company's annual revenue is estimated to be between $1 million and $100 million, reflecting its substantial operational scale. The gaming enterprise is managed by the Leech Lake Band of Ojibwe's Economic Development Division and is regulated by the National Indian Gaming Commission and the Leech Lake Gaming Commission. The company is recognized for its contributions to the local economy and community, providing employment opportunities and generating revenue that supports the tribe's social, educational, and healthcare programs.

Details of the Ransomware Attack

Leech Lake Gaming has fallen victim to a ransomware attack orchestrated by the notorious Cicada3301 group. The attackers claim to have exfiltrated 223 GB of sensitive data, including financial records, client information, and invoices. Cicada3301 has threatened to publish the stolen data if Leech Lake Gaming does not make contact with them, putting the company under significant pressure to respond. The attack highlights the vulnerabilities in the company's cybersecurity measures, making it a target for threat actors.

Profile of Cicada3301 Ransomware Group

Cicada3301 is a new ransomware gang that began making headlines in June 2024. The group has published data from four victims on its leak site, indicating its operational capabilities and intent to extort victims by threatening to release sensitive information if ransoms are not paid. Cicada3301's operations reflect common tactics used by ransomware groups, including the publication of victim data to pressure organizations into compliance. The group's activities are part of a broader trend where ransomware gangs exploit vulnerabilities and utilize leak sites to maximize their extortion efforts.

Cicada 3301

To clarify, the name “Cicada 3301” was originally associated with an online puzzle that gained notoriety between 2012-2014. However, the name has since been appropriated by a separate and unrelated ransomware group, which has been the focus of recent reports, including ours.

Halcyon fully respects the legacy of the original “Cicada 3301” organization and recognizes their distinction from the activities of the ransomware group using the same name. Our reporting on the ransomware group is consistent with fair use, aiming to inform the public about cybersecurity threats.  For those interested in the original “Cicada 3301” and their official stance on this matter, we encourage you to visit their statement here.

We appreciate your understanding as we strive to maintain clarity and accuracy in our reporting.

Potential Penetration Methods

While specific details on how Cicada3301 penetrated Leech Lake Gaming's systems are not disclosed, common methods include exploiting unpatched software vulnerabilities, phishing attacks, and weak network security protocols. The attack underscores the importance of robust cybersecurity measures to protect sensitive data and prevent unauthorized access.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.