Crown Resorts Minimizes Impact of Ransomware Attack, Asserts Data Security Maintained

Crown Resorts has acknowledged that it is among the targets of a wide-reaching ransomware attack, but has affirmed that customers’ data and information have not been affected.

The exterior of Crown Melbourne. Crown Resorts, which operates Crown Melbourne, was targeted by a ransomware group that detected a vulnerability in an online file-sharing network the company utilizes. (Image: ABC News)

Crown officials declared yesterday that the company has been a casualty of the Fortra GoAnywhere ransomware assault.

A ransomware group referred to as Clop recognized a flaw in the GoAnywhere network which cybersecurity investigators have since cited as a “zero-day” vulnerability. This weakness has enabled Clop to access GoAnywhere illicitly and seize data.

The attackers are said to have stolen data from more than 130 companies. Crown Resorts, the biggest casino operator in Australia, asserts that it is one of those impacted, but is attempting to allay patron concerns about their confidential details being wrongfully obtained by hackers.

“We were recently contacted by a ransomware group who allege they have unlawfully obtained a limited number of Crown files. We are assessing the credibility of this allegation as a top priority,” a Crown Resorts spokesperson said.

Fortra is a Nebraska-based software firm that specializes in secure file transfer services. GoAnywhere, the company’s primary product, allegedly enables customers to securely shift sensitive files over the internet.

“We have established that an unapproved party accessed the systems via an unknown exploit and created unauthorized user accounts,” Fortra affirmed. “We are working directly with customers to assess their individual potential impact, apply mitigations, and restore systems.”

Another Difficult Situation

Crown Resorts is presently attempting to recover its reputation in relation to its ongoing suitability probes in Victoria, Western Australia, and New South Wales. Recent investigations in the Australian states have determined that Crown has consistently been unable to shield its casinos from money laundering and apparently permitted criminal syndicates to frequent the venues.

Though Crown has held on to its prized gaming concessions in the three states, independent state-appointed monitors are keeping a close watch over the operations at Crown Melbourne, Crown Perth, and Crown Sydney. Those monitors will eventually help figure out whether Crown Resorts has adhered to the requirements of its remediation directives to maintain those gaming privileges.

Crown did not cause the breach itself, beyond partnering with a tech firm whose products were not fully safeguarded from hackers, but its acknowledgment that it is part of the GoAnywhere breach is yet another setback for the embattled gaming business.

Despite Crown saying it is still investigating the legitimacy of Clop’s claims that it has infiltrated Crown’s GoAnywhere transfers, the company declared “no customer data has been compromised and our business operations have not been impacted.”

“We are continuing to collaborate with law enforcement and have notified our gaming regulators as part of the ongoing investigation and will provide pertinent updates, as needed,” the Crown statement concluded.

Global Corporations Compromised

The GoAnywhere attack has reached some of the world’s most significant companies. Supposedly, Clop victims include consumer goods giant Procter & Gamble, supermarket chain Kroger, energy giant Shell, Stanford Medicine, and luxury retailer Saks Fifth Avenue.

The Virgin Group, which operates Virgin Hotels Las Vegas, has also been affected.

Many companies, including Crown Resorts, have reported being contacted by Clop with a demand for ransom. Although US government security officials state compromised firms should not negotiate with ransomware groups, many often do so to retrieve their data and protect their customers.

Blockchain analysis firm Chainalysis reported last month that roughly $457 million was paid to ransomware attackers last year. That is a considerable reduction from the $766 million allegedly paid in 2021 and $765 million in 2020.