Cyber Incident Victim: Gaming Partners International

Date: Oct 2020

Location: United States of America

Summary

A ransomware attack by the REvil group compromised Gaming Partners International, a global provider of casino currency and gaming equipment. Threat actors encrypted all servers and workstations while exfiltrating 540GB of sensitive data, including financial records, technical documents, and contracts with major casinos across Las Vegas, Macao, and Europe. The attackers published directory screenshots as evidence on their leak site and issued a 72-hour ultimatum for response. The breach exposed critical banking information and operational details, though the company did not provide immediate public comment regarding the incident.

Description

On or around October 31, 2020, the REvil ransomware group, also known as Sodinokibi, publicly disclosed Gaming Partners International (GPI) as a victim on their dedicated leak site. The threat actors claimed to have compromised all servers and working computers within GPI’s network, encrypting systems and exfiltrating approximately 540GB of sensitive data. REvil representatives, identified in communications with security researcher Yelisey Boguslavskiy, had previously hinted at targeting a gaming network prior to the GPI disclosure. The group provided screenshots of directory structures from allegedly compromised systems as evidence of the breach. They issued a 72-hour ultimatum for GPI to respond to their demands, threatening to release the stolen data. The compromised information reportedly included technical specifications, financial records, contracts with casinos in Las Vegas, Macao, and Europe, and banking documents. REvil emphasized the scope of the attack by asserting they had accessed "absolutely all" company infrastructure. The public disclosure followed REvil’s established pattern of using dedicated leak sites to pressure victims into negotiations. No initial statement from GPI was available at the time of the disclosure.

GPI, a global supplier of casino currency and gaming equipment, faced significant operational and reputational risks due to the exposure of contracts and financial data tied to major gambling hubs. The breach potentially impacted client relationships and regulatory compliance given the sensitivity of casino-related financial documentation. DataBreaches.net attempted to contact GPI for verification of the incident but received no immediate response. The absence of confirmed containment or recovery actions from GPI left the company’s mitigation efforts undocumented in public sources. REvil’s claims, while unverified by independent sources at the time of reporting, highlighted the group’s focus on high-value targets with critical data assets. The incident underscored the persistent threat of ransomware operations targeting specialized industries with time-sensitive operational dependencies. The 540GB data leak, if validated, represented one of the larger ransomware-related exfiltrations disclosed during that period.
