Tasmania’s lone casino operator has confirmed it is being held to ransom in a cyber attack that has impacted its pokies machines and hotel bookings system for more than a week.

In response to detailed questions from the ABC, Federal Group executive director Daniel Hanna said the cyber incident that had shut down pokies at its Wrest Point and Country Club casinos since April 3 had involved ransomware.

United Workers Union casino organiser Dario Mujkic told the ABC it was common knowledge amongst the casino workforce that a ransomware attack had occurred, with multiple staff having seen a message seeking the payment of cryptocurrency. 

Ransomware is a type of malware that encrypts a target’s files. The attacker then demands a ransom, normally paid in Bitcoin or another type of cryptocurrency, before it will restore access to the files.

Dr Hanna said the incident had been contained due to the hard work of its team and external experts, but did not say when poker machines and hotel check-in services, at accommodation including Wrest Point, the Country Club, Saffire Freycinet, MACq 01 and the Henry Jones Art Hotel, would be able to resume.

“The Australian Cyber Security Centre was notified and is coordinating relevant law enforcement agencies and continued forensic analysis,” Dr Hanna said.

“Federal Group has at all times complied with legal and regulatory requirements related to the incident.”

“The incident is being actively investigated by Federal Group and external experts we have retained, with the cooperation and involvement of relevant authorities who are assisting, and as such we cannot comment further at this stage.” 

Multiple former IT employees at Federal Group told the ABC they believed historic credit card details stored in the hotel booking system could have been compromised, as well as the electronic gaming systems at both casinos.

Dr Hanna did not respond to questions about whether personal or credit card information of customers had been compromised, but said unions and other individuals who commented on the incident “are not involved in the investigation or appraisal of all relevant information, and cannot be relied on to provide accurate information”.

An extended poker machine outage at casinos would come at a considerable financial cost to Federal Group.

According to electronic gaming machine expenditure data collected by Tasmania’s Liquor and Gaming Commission, patrons spent $53.7 million on poker machines at Federal Group’s two casinos and on the Spirit of Tasmania during the last eight months, with an average monthly expenditure of $6.7 million.

Under federal legislation, any organisation covered by the Privacy Act must notify the Office of the Australian Information Commissioner and any affected individuals of a data breach when it is “likely to result in serious harm to an individual whose personal information is involved”.

Federal Group did not answer whether it had notified the OAIC of a notifiable data breach.

The Australian Federal Police said it was aware of the incidents impacting Federal Group, but had not received any reports relating to them, and was not investigating the matter. 

Tasmanian businesses vulnerable, cyber expert says

International privacy and security consultant Terry Aulich, a former federal senator and Tasmanian minister, said gaming and gambling organisations would be “high on the list” to be targeted by hackers. 

Mr Aulich did not comment directly on the Federal Group hack but said restoring services for a victim of ransomware could take several weeks. 

“Cash-based or financially sophisticated organisations like casinos are going to be a target of attacks and they can be very sophisticated, because it’s the old system,” he said.

“Once you have a honeypot then it’s worth the while of hackers and other bad players to build up a sophisticated attack mechanism and that’s their major problem.”

“Young kids are not going to have a go at you if you’re a casino, but it’s groups of major crooks that are going to be your enemy.”

Mr Aulich said he was “extremely disappointed” with the sophistication of Tasmanian businesses’ cyber defences, as well as the effort they put into them.

He said he had written to three Tasmanian organisations warning them that they could be a likely target of cyber attacks, and was surprised how laid-back the companies had been.

“I think it’s a view we have in Tassie about all sorts of things, that somehow or other the awful things that go on overseas, whether it’s in IT or whatever, that it’s not going to happen here in dear little old Tassie,” he said.

“That’s entirely untrue. They will look for the weakest link in Australian society, in Australian business, and it may well be that Tasmania is one of those.”

Premier Peter Gutwein said the cyber incident was “challenging” but said Federal Group was doing all it could to restore its services.

Source: https://www.abc.net.au/news/2021-04-13/ransomware-attack-hits-federal-group-casino-operator/100064038