Connect with us

Hi, what are you looking for?



Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims

Australian casino giant Crown Resorts says the Cl0p ransomware group contacted them to claim data theft in the GoAnywhere attack.

Australian casino giant Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack.

The incident occurred in late January, when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers.

The exploitation of the bug – tracked as CVE-2023-0669 and patched in early February– was attributed to a Russian-speaking threat actor associated with the Cl0p ransomware, which recently started adding the names of alleged victims to its Tor-based leak site.

The Cl0p ransomware operators have claimed the theft of data from roughly 130 organizations that used GoAnywhere, with some of them already confirming potential impact, including Community Health Systems, Hitachi Energy, Hatch Bank, Rubrik, Atos, City of Toronto, Procter & Gamble, Pluralsight, Saks Fifth Avenue, UK’s PPF, Virgin Red, and Rio Tinto.

Several of the impacted organizations told SecurityWeek that the stolen data poses no threat to customers or employees.

In a public statement on its website, Crown Resorts this week confirmed that it was a Fortra customer and that the Cl0p ransomware operators contacted it to claim the theft of company data:

“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority.

Advertisement. Scroll to continue reading.

“We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”

The largest gaming and entertainment group in Australia, Crown Resorts operates large complexes in Melbourne, Perth, and Sydney. It was acquired by US private equity firm Blackstone in 2022.

This week, German insurer giant Munich Re, which was also added to Cl0p’s leak site, stated that the incident only impacted some test files.

“Munich Re currently has no contractual relationship with the company affected. For test purposes, only test files with meaningless content were sent, i.e. containing no business, client or personnel data,” the company said.

Fortra may face a class action suit as a result of the cyberattack, a complaint filed with the US District Court for the District of Minnesota shows. Per the complaint, the company failed to properly secure the MFT service, which led to the January data breach that impacted over 139,000 individuals.

Related: GoAnywhere Zero-Day Attack Hits Major Orgs

Related: ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Related: 14 Million Records Stolen in Data Breach at Latitude Financial Services

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...