Cyber Incident Victim: Lower Sioux Indian Community
Date:
Mar 2025
Location:
United States of America
Summary
A cyberattack on theLower Sioux Indian Community led to the shutdown of slot machines and disruption of phone service, bingo events, and reservation systems at its Jackpot Junction Casino Hotel. The community took affected systems offline and enlisted third‑party experts after detecting unauthorized access. The ransomware group RansomHub claimed responsibility on the dark web; analysts describe it as a prolific Russia‑based operation that has claimed hundreds of victims.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Thursday, guests at Jackpot Junction Casino Hotel began noticing that phones were not working. Bingo night cancellations were reported and guests found they could not change reservations. Slot machines fell silent over the weekend as a result of the incident. The casino identified a cybersecurity incident involving unauthorized access to certain systems. Robert “Deuce” Larsen, president of the Lower Sioux Indian Community council, disclosed the incident in a Facebook post on Monday night.
In response, the casino took some systems offline to contain the breach. The casino engaged third‑party experts to assist with investigation and recovery. Larsen stated that the casino is working with those experts to address the incident. No further details about the specific systems affected were provided in the source.
On Monday, a message on the dark web claimed responsibility for the attack, attributing it to the criminal group RansomHub. Three online websites that track cyber gangs reported the claim. Luke Connolly, an analyst with Emsisoft, described RansomHub as a prolific criminal group likely based in Russia. He noted that the group has claimed hundreds of victims since its founding in February 2024. Cyber gangs often post victim names to embarrass them or as part of a threat to release more information, according to Connolly.