
They say the house always wins, unfortunately for the gaming industry its seldom the case when it comes to ransomware. The gambling industry has certainly become a firm favorite for cybercriminal gangs, with a 2022 a study showing that cyberattacks on casinos and gaming companies had increased by a massive 167% in one year.
When it comes to casinos making ransomware headlines, the list is long, and it spans the globe. Notable incidents include Australia’s Crown Resorts, Wrest Point and Country Club casinos in Tasmania, Gateway Casino and Entertainment in Canada, Lucky Star Tribal Casinos in the US, and online casinos DraftKings and BetMGM to name a few.
The fallout from such attacks can be catastrophic. Obviously there can be massive ransom demands to contend with, while operationally some are forced to shutter the doors until operations can resume, but it’s what comes after the remediation that is the real concern as we can see in the case of Rancho Mesquite. Following a successful ransomware attack, the organization, which owns and operates three locations is dealing with a class action lawsuit from the resulting data breach which impacted 200,000 customers.
A lucrative target
In 2022, US casinos alone reaped more than $60 billion in gambling revenues, and that doesn’t include the billions that were made by the tribal casinos. With revenues in the billions and a plethora of sensitive data relating to millions of customers, it’s hardly a surprise that they have become such a target for cybercriminals.
Late last year security experts warned that attacks on casinos would become worse as they increased in sophistication, and the FBI issued a warning to tribal casinos to be on high alert for ransomware attacks.
New cybersecurity regulations
In December, the Nevada Gaming Commission (NGC) announced that it had adopted new cybersecurity regulations for certain gaming operators. Organizations have until December 31st, 2023, to fully comply with new regulations which include:
- Taking steps to secure and protect systems from cyberthreats
- Documenting all measures taken to comply and maintaining records which must be available for the board for a 5 year period
- Conducting an initial risk assessment and developing cybersecurity best practice
- Continuous monitoring of cybersecurity risks
- Providing written disclosure of cyberattacks to the board within 72 hours
- Investigating the incident and preparing a report of the findings
Bridging the cybersecurity gap
Those responsible for complying with this new legislation must look beyond traditional defensive based cybersecurity to prevent attacks. A quick look into some of the successful ransomware attacks this year, and the well-known companies that have made the victim list, provides an insight into what not to do. The days of relying on traditional tools that focus on securing the perimeter are well and truly behind us. Newer technologies that focus on prevention and anti data exfiltration provide new barriers to stop data extortion.
Beating the odds
With 1 in 2 companies now experiencing a cyberattack it is only a matter of time before a breach occurs. Organizations can also be certain that their data is the ultimate prize for the attackers, with 89% of ransomware attacks now exfiltrating data. With hackers moving away from encryption to focus on exfiltration and extortion, preventing any unauthorized data exfiltration must be a key component of any cybersecurity strategy.
Winning the war on ransomware
When it comes to cyberattacks, all roads lead to data exfiltration. Without it, there is no success for the attackers. No data exfiltration equals no ransom, no extortion, and no data breach. Third generation cybersecurity solutions that focus on preventing data exfiltration are now a critical layer in a strong cybersecurity strategy. BlackFog’s fully automated 24/7 ADX technology prevents cyberattacks in real-time and ensures that if cybercriminals manage to bypass traditional defenses, they will be unable to remove any data.
Related Posts
Fog Ransomware Surges in 2025 Hitting Schools and Banks Alike
Fog ransomware has surged in 2025, targeting the educational and financial sector. Learn about its technical tactics, double extortion methods, and defense strategies.
Data Risk Assessment: The First Step Toward Smarter Data Protection
Understanding how to conduct a data risk assessment is a key step in protecting systems and networks from both internal and external threats.
Data Risk Management: A Smarter, Deeper Approach
Make sure your data risk management strategy goes beyond the basics to ensure critical information is safe from hackers, accidental breaches and other threats.
GDPR Audit: A Practical Guide to Staying Compliant
What should firms be thinking about when conducting a GDPR audit and why must this be a key part of a data risk management strategy?
5 Emerging Data Security Threats You May Not Have Considered
Keep an eye on these five rapidly-evolving data security threats to ensure sensitive information is fully protected from exposure.
Data Classification: A Practical Guide to Protecting What Matters Most
Data classification is an essential part of any successful cybersecurity strategy. Find out what you need to know to conduct this effectively.