Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Casino Giant Crown Resorts Investigating Ransomware Group’s Data Theft Claims

Australian casino giant Crown Resorts says the Cl0p ransomware group contacted them to claim data theft in the GoAnywhere attack.

Australian casino giant Crown Resorts this week confirmed that the Cl0p ransomware group contacted them to claim the theft of data as part of the GoAnywhere attack.

The incident occurred in late January, when a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software was exploited to access files belonging to Fortra customers.

The exploitation of the bug – tracked as CVE-2023-0669 and patched in early February– was attributed to a Russian-speaking threat actor associated with the Cl0p ransomware, which recently started adding the names of alleged victims to its Tor-based leak site.

The Cl0p ransomware operators have claimed the theft of data from roughly 130 organizations that used GoAnywhere, with some of them already confirming potential impact, including Community Health Systems, Hitachi Energy, Hatch Bank, Rubrik, Atos, City of Toronto, Procter & Gamble, Pluralsight, Saks Fifth Avenue, UK’s PPF, Virgin Red, and Rio Tinto.

Several of the impacted organizations told SecurityWeek that the stolen data poses no threat to customers or employees.

In a public statement on its website, Crown Resorts this week confirmed that it was a Fortra customer and that the Cl0p ransomware operators contacted it to claim the theft of company data:

“We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown files. We are investigating the validity of this claim as a matter of priority.

“We can confirm no customer data has been compromised and our business operations have not been impacted. We are continuing to work with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide relevant updates, as necessary.”

Advertisement. Scroll to continue reading.

The largest gaming and entertainment group in Australia, Crown Resorts operates large complexes in Melbourne, Perth, and Sydney. It was acquired by US private equity firm Blackstone in 2022.

This week, German insurer giant Munich Re, which was also added to Cl0p’s leak site, stated that the incident only impacted some test files.

“Munich Re currently has no contractual relationship with the company affected. For test purposes, only test files with meaningless content were sent, i.e. containing no business, client or personnel data,” the company said.

Fortra may face a class action suit as a result of the cyberattack, a complaint filed with the US District Court for the District of Minnesota shows. Per the complaint, the company failed to properly secure the MFT service, which led to the January data breach that impacted over 139,000 individuals.

Related: GoAnywhere Zero-Day Attack Hits Major Orgs

Related: ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Related: 14 Million Records Stolen in Data Breach at Latitude Financial Services

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.