Sault Tribe Stands Firm in Decision Not to Pay Ransomware Attackers Despite Kewadin Casinos Reopening


Published: March 5, 2025, 05:17h. 

Last updated on: March 5, 2025, 05:19h.

  • Sault Tribe’s five Kewadin casinos now open after ransomware attack
  • Tribe refuses to pay hackers for stolen private data
  • Customers who think they might be affected are urged to take precautions

Michigan’s Sault Ste. Marie Tribe of Chippewa Indians has confirmed it refused to pay a ransom to hackers who attacked its Kewadin casino operations and will not pay to recover confidential data stolen by the cybercriminals.

Sault Tribe Chair Austin Lowes, above, speaking at Lake Superior State University in 2023. Lowes refused to give in to the cyber attackers’ demands, despite the mayhem caused to tribal services. (Image: Lake Superior State University)

The Sault Tribe battled for over two weeks to regain control of its systems after the February 9 attack disrupted gaming operations at its five Upper Peninsula casinos and other tribal services.

The casinos began reopening in stages last Wednesday, February 26, and all five resumed normal services as of noon today, March 12. Despite the mayhem, which included disruption to government offices, health clinics, and other businesses, the tribe refused to give in to the hackers.

‘No Point Paying’

“Leadership worked with law enforcement groups, external cyber experts and others to evaluate whether or not to pay that ransom,” the tribe’s chairman Austin Lowes explained on Facebook. “After much deliberation, we have determined there is no point in paying their ransom demand.”

Lowes said his IT team worked closely with external cyber security experts to combat the threat. The tribe was eventually able to regain control of the systems and recover almost all of its data.

“There was no guarantee we would have received what was promised. We could have paid their ransom and still had our data shared on the dark web,” Lowes added.

You Don’t Write, You Don’t Call

In a bizarre twist, at the height of the crisis, the hackers wrote a letter to the local tribal newspaper, The Sault Tribe Guardian, to complain about the lack of response from tribal leadership.

The criminals claimed to have stolen 100 gigabytes of confidential data but had received no communication, despite sending “detailed instructions via phone voicemails, corporate and personal emails, and internal network messages.”

The hackers added that “the financial situation of the tribe is sufficient to cover the expenses associated with this cyberattack.”

“To be clear, we had no intention of harming the Tribe – our motives are purely financial,” they explained.

What is RansomHub?

DataBreaches.net reported that RansomHub, a global hacker group, has claimed responsibility via a post on the Dark Web. The group was one of the most active ransomware operators in 2024, with around 500 victims reported.

RansomHub uses the so-called “double-extortion model,” which involves extorting victims by encrypting systems and stealing data, then demanding payment.

“We’ve begun the process of reviewing that stolen information so we can reach out to those who have been impacted and provide free credit monitoring services,” Lowes said. “This review will take time, though, since our team must manually review hundreds of thousands of documents to determine what information may have been stolen and who that information belongs to.”

In the meantime, he urged those who believe they might be affected to take steps to protect themselves by asking their credit card providers to monitor for suspicious behavior, changing their passwords, and contacting credit reporting agencies to inform them of the attack.


