RansomHub Group Disrupts Lower Sioux Indian Community with Ransomware Attack
A ransomware attack targeting the Lower Sioux Indian Community’s Jackpot Junction casino has spread across the tribe’s network, crippling essential services. The incident, first reported on Tuesday, forced the shutdown of the tribe’s pharmacy, health center, and dental facilities, with disruptions beginning as early as March 27.
The attack, attributed to the RansomHub ransomware group, has paralyzed operations at the casino and disrupted government and healthcare services. The tribe has enlisted external cybersecurity support to restore systems and has set up temporary phone lines for affected facilities.
RansomHub, which recently targeted the Sault Ste. Marie Tribe of Chippewa Indians in Michigan, uses a tool called EDRKillShifter to disable security programs before deploying ransomware. The group’s ransomware-as-a-service model has gained notoriety, with affiliates leveraging its tools in attacks.
Tribal casinos have become frequent ransomware targets, with successful attacks in 2021 hitting operations in Oklahoma, Idaho, and California. Beyond financial losses, these incidents risk exposing sensitive data and eroding trust. The Lower Sioux attack underscores the broader threat to critical tribal infrastructure, extending beyond gaming to healthcare and public services. The tribe continues to work toward full recovery while urging patience from the community.
Lower Sioux Indian Community cybersecurity rating report: https://www.rankiteo.com/company/lower-sioux-indian-community
"id": "LOW1770508329",
"linkid": "lower-sioux-indian-community",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'Gaming, Healthcare, Government',
'name': 'Lower Sioux Indian Community',
'type': 'Tribal government and casino operator'}],
'customer_advisories': 'Urging patience from the community',
'data_breach': {'sensitivity_of_data': 'Potential exposure of sensitive data'},
'date_detected': '2024-03-27',
'description': 'A ransomware attack targeting the Lower Sioux Indian '
'Community’s Jackpot Junction casino has spread across the '
'tribe’s network, crippling essential services. The incident '
'forced the shutdown of the tribe’s pharmacy, health center, '
'and dental facilities, with disruptions beginning as early as '
'March 27. The attack has paralyzed operations at the casino '
'and disrupted government and healthcare services.',
'impact': {'brand_reputation_impact': 'Eroding trust',
'operational_impact': 'Crippling of essential services, shutdown '
'of healthcare and government operations',
'systems_affected': ['Jackpot Junction casino',
'pharmacy',
'health center',
'dental facilities',
'government services']},
'investigation_status': 'Ongoing',
'lessons_learned': 'Tribal casinos and critical infrastructure are frequent '
'ransomware targets, with risks extending beyond financial '
'losses to sensitive data exposure and trust erosion.',
'motivation': 'Financial gain',
'post_incident_analysis': {'root_causes': 'Use of EDRKillShifter tool to '
'disable security programs before '
'deploying ransomware'},
'ransomware': {'data_encryption': 'Yes', 'ransomware_strain': 'RansomHub'},
'references': [{'source': 'Incident report'}],
'response': {'communication_strategy': 'Set up temporary phone lines for '
'affected facilities, urged community '
'patience',
'remediation_measures': 'Restoring systems',
'third_party_assistance': 'External cybersecurity support '
'enlisted'},
'threat_actor': 'RansomHub',
'title': 'RansomHub Group Disrupts Lower Sioux Indian Community with '
'Ransomware Attack',
'type': 'Ransomware'}