Crown Resorts Downplays Ransomware Attack, Claims Data Uncompromised

Posted on: March 28, 2023, 09:37h. 

Last updated on: March 28, 2023, 09:47h.

Devin O'Connor @CasinoorgDevinO Read More

Expertise: Asia Pacific Gaming, Commercial Gaming, Legislation, Politics.

Crown Resorts has confirmed being involved in a far-reaching ransomware attack, but the organization is assuring customers that their data and information hasn’t been compromised.

Crown officials announced Monday that the company has been a victim of the Fortra GoAnywhere ransomware attack.

A ransomware group called Clop recently identified a glitch in the GoAnywhere network that cybersecurity experts have since dubbed a “zero-day” vulnerability. The flaw allowed Clop to infiltrate GoAnywhere and illegally seize data.

The ransomware attack claims to have stolen data from more than 130 companies. Crown Resorts, the largest casino operator in Australia, says it’s among the comprised, but is trying to calm patron fears about their confidential information wrongly landing in the hands of hackers.

We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority,” a Crown Resorts spokesperson said.

Fortra is a Nebraska-based software firm that specializes in secure file transfer services. GoAnywhere, the company’s flagship product, supposedly allows customers to securely transfer highly sensitive files over the internet.

“We have determined that an unauthorized party accessed the systems via a previously unknown exploit and created unauthorized user accounts,” Fortra confirmed. “We are working directly with customers to assess their individual potential impact, apply mitigations, and restore systems.”

Another Black Eye

Crown Resorts is already doing damage control in relation to its ongoing suitability probes in Victoria, Western Australia, and New South Wales. Recent inquiries in the Australian states have determined that Crown, for many years, failed to properly protect its casinos from being used to launder money and allegedly allowed criminal syndicates to frequent the properties.

Though no fault of its own other than partnering with a tech firm that provided products not fully safe from hackers, Crown Resorts confirming that it’s involved in the GoAnywhere breach is yet another misstep for the beleaguered gaming firm.

Despite Crown saying it’s still investigating the merit of Clop’s claims that it infiltrated Crown’s GoAnywhere transfers, the company said “no customer data has been compromised and our business operations have not been impacted.”

“We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary,” the Crown statement concluded.

Global Firms Compromised

The GoAnywhere attack involves some of the world’s largest companies. Clop victims supposedly include consumer goods giant Proctor & Gamble, supermarket chain Kroger, energy conglomerate Shell, Stanford Medicine, and luxury retailer Saks Fifth Avenue.

The Virgin Group, which operates Virgin Hotels Las Vegas, has also been compromised.

Blockchain analysis firm Chainalysis reported last month that about $457 million was paid to ransomware attackers last year. That’s down considerably from the $766 million supposedly paid in 2021 and the $765 million in 2020.