Kewadin Casinos in Michigan to Reopen After Ignoring Ransomware Hackers Demands

^{The Kewadin casinos in Michigan's upper peninsula will finally reopen after being shut down for more than two weeks by a ransomware attack. (Image: Dennis McDonald / Alamy)}

The Sault Tribe of Chippewa Indians announced Tuesday its plans to begin reopening its casinos on Wednesday, Feb. 26, following a cyberattack that impacted systems for many tribal services. 

The ransomware attack began on Feb. 9, and caused the five Kewadin Casinos on Michigan’s Upper Peninsula to close.

All Casinos Scheduled to Reopen by Monday

The tribe says that its Sault Ste. Marie casino will be reopened on noon Wednesday. That will be followed by the St. Ignace venue at noon on Friday, Feb. 28. The remaining three casinos – in Christmas, Hessel, and Manistique – will be opened on Monday, March 3.

“Some tribal organizations were impacted more severely than others and are still recovering, but we’re fortunate to be able to reopen Kewadin’s doors and continue serving as a prime entertainment destination for the eastern U.P.,” Tribe Chairman Austin Loews said in a statement. 

“To our guests who were unable to visit us during this time, I am very sorry for the inconvenience this has caused. Our team worked with outside cybersecurity experts around the clock to make the necessary steps to strengthen and enhance our IT systems, and we are open and ready for business.”

The casinos were just one of the sectors impacted by the cybersecurity incident. Health services were also impacted, and Lowes has said that bringing those vital services back to full operation is a priority for the tribe. In addition, at least 10 tribal members had personal information exposed, though Lowes says that the tribe doesn’t know the full extent of personal data that was stolen.

Hackers Send Letter to Tribal News Website

In an unusual twist in this case, a group purporting to be the hackers who instigated the ransomware attack sent a letter to the editor to the Sault Tribe Guardian, a news website covering the tribe. On Feb. 16, the site published a letter that claimed to share the perspective of those who had attacked the tribal systems.

“The attack did occur on Feb. 9, and since that time, we have made multiple attempts to contact the Tribal Board of Directors,” the letter reads. “They have received detailed instructions via phone voicemails, corporate and personal emails, and internal network messages. Despite these numerous efforts, no representative from the Sault Tribe has initiated any communication with us. Therefore, the reported $5 million ransom figure is purely speculative, as no negotiations have taken place.”

The hackers said that they would be able to restore all networks within 24 hours if tribal leadership spoke to them to “resolve this situation.”

“Additionally, the financial situation of the Tribe is sufficient to cover the expenses associated with this cyberattack,” the letter continues. “We confirm possession of over 100 gigabytes of confidential data, consisting of more than 500,000 files. The Tribe’s failure to act raises serious questions about its leadership’s priorities and intentions regarding this matter.”

The letter also pointed out that the tribe holds “at least” three cyber insurance policies, which it claims would normally lead to communication between the hackers and the companies that issued those policies.

“Why no insurance representative has contacted us remains a mystery,” the letter reads. 

The site’s editor replied with a coy message that, in part, empathized with the hackers.

“Welcome to our world,” the message read. “The tribal board ignores members, too.”

The Kewadin casinos are only the latest in a string of ransomware targets in the gaming industry. In September 2023, MGM Resorts was virtually shut down by a ransomware attack that the company said ultimately cost it around $100 million in negative impacts. Caesars Entertainment was also hit by that cyberattack, but chose to pay about $15 million in ransom to regain control of its systems.