A look at the ransomware behind Gateway Casinos cyberattack
By Marissa BirnieStaff Reporter
Wed., April 26, 20233 min. read
Article was updated 10 hrs ago
It’s been over a week since Gateway Casinos and Entertainment announced the closure of its Ontario locations after a cyberattack hit the gaming operator.
In a statement, the company confirmed the attack as ransomware.
“We have no evidence thus far that personal information of our customers or employees has been impacted,” it said.
Ransomware is a malicious software that rewrites the files in a computer network.
When the files are encrypted, hackers notify their victims and offer decryptors in exchange for ransom. In some cases, hackers also gain access to the data in the files — which sometimes include personal information like credit cards and social insurance numbers.
Laurent Desaulniers, vice-president of breach, detection and response at cybersecurity company GoSecure said the cyber attackers might have been drawn to the casino’s hotel operations because of tempting information like credit cards used for hotel bookings.
He said the company has likely hired forensic professionals tasked with finding “patient zero” of the attack and perhaps a “breach coach” or lawyer to make sure it complies with privacy regulations.
It is also likely trying to determine what type of information was accessed, said Darren Gallop, CEO of cybersecurity company Carbide.
“They could very well be in a situation where they are going to be dealing with privacy regulations, potentially class-action lawsuits, depending on what degree of due diligence was being undertaken by the organization,” he said.
Desaulniers said most ransomware attacks are opportunistic, not targeted.
Most attacks are the result of a security flaw or an unwitting employee who opens a phishing email, he said.
Desaulniers and Gallop said cyberattacks aren’t going away, and that some companies are choosing to pay up to recover their compromised data.
“In real life, most of them pay ... it’s a cost-benefit decision,” Desaulniers said.
He said some companies pay the ransom if they think the cost would be cheaper than trying to recover the files.
Desaulniers estimates that the average cost of a ransomware attack is around $5 million U.S. per incident and that cyber criminals typically ask for about 3 per cent of a company’s revenue as ransom.
Gallop said cyber criminals work alone or in groups that are highly organized and professional.
And most of them don’t simply take the ransom money and run, he said.
“Almost every case I’ve heard of, they get their data back,” he said.
Gallop has even had clients comment on the hackers’ customer service skills.
He said the criminals have an incentive to keep a good reputation so the ransom payments keep coming, as seen when ransomware group LockBit publicly apologized for a cyberattack on SickKids.
Gallop cautioned companies who are thinking about playing nice with cyber attackers.
There are legal considerations, since some groups are connected with cartel and gang activity.
“You know the old-fashioned Pablo Escobars of the world that made all their money by selling cocaine? Well now there’s organized groups out there that are making revenue by doing this type of stuff, and in fact able to do it with lesser risks than they would face in a modern day environment trying to smuggle narcotics over borders,” he said.
Having strong IT and security systems is key in avoiding a cyberattack, Gallop said.
But many companies only come to cybersecurity firms after they’re attacked instead of taking preventive measures.
“Unfortunately, too many organizations wait until it’s too late to make the call,” he said.
JOIN THE CONVERSATION
Anyone can read Conversations, but to contribute, you should be a registered Torstar account holder. If you do not yet have a Torstar account, you can create one now (it is free)
Sign In
Register
Conversations are opinions of our readers and are subject to the Code of Conduct. Metrolanddoes not endorse these opinions.