Ransomware Attack Shuts Down Kewadin Casinos in Michigan

^{A sign on the Kewadin Casinos website announces the continuing shutdown of virtually all operations. This notice was current as of late Thursday evening. (Image: Kewadin.com)}

Another gaming operator is dealing with the impact of a cybersecurity attack, as Kewadin Casinos has been forced to shut down its Upper Peninsula casinos in Michigan after being targeted by a ransomware attack.

Kewadin Casinos, which is owned and operate by the Sault Tribe of Chippewa Indians, announced on Facebook Sunday night that it was halting operations at its casinos this week.

Casinos, Tribal Computer Systems Remain Down

“Beginning Monday, February 10 at 7 am our gaming operations will be halted until further notice,” Kewadin officials posted. “We understand that this is inconvenient and unexpected news. Please know our experts are working around-the-clock to restore gaming operations. We apologize for the inconvenience.”

Kewadin operates five casinos in Michigan, located in Christmas, Hessel, Manistique, Sault Ste. Marie, and St. Ignace. 

According to Sault Tribe Chairman Austin Lowes, the attack is impacting more than just casino operations.

“This attack impacted multiple computer and phone systems across tribal administration, including the casinos, health centers and various businesses,” Lowes said in a statement to WLUC-TV. “In response, the tribe has had to temporarily close many departments and businesses. Our hope is that this issue gets resolved within a week, but we are prepared for it to last longer.”

“The tribal government will remain open in a limited capacity to serve our members to the best of our ability despite this incident,” Lowes wrote.

As of Wednesday afternoon, gaming activities had not resumed at the Kewadin casinos.

Cyberattacks Plague Gaming Industry

Cybersecurity has become an increasingly critical concern for the gaming industry, as many casinos across the United States have been targeted by various forms of cyberattacks in recent years.

The most visible of these attacks came in September 2023, when a ransomware attack virtually shut down MGM Resorts International properties in the United States for multiple days. MGM would later say that the negative impact from that attack was around $100 million for the company. Caesars Entertainment was hit by the same cyberattack, led by hacker group Scattered Spider, but that it had chosen to pay around $15 million – approximately half of the $30 million demanded by the attackers – to regain control of its systems. 

In June 2024, Spanish police arrested UK national Tyler Buchanan, the alleged ringleader of Scattered Spider. However, the distributed nature of the organization means that the ransomware attacks are likely to continue, and many smaller-scale attacks have occurred in the time since the high-profile incidents for MGM and Caesars. 

In April 2024, the Swinomish Northern Lights Casino & Lodge in Anacortes, Washington was forced to close for more than two weeks due to what it termed “a cybersecurity incident that has affected our operations.” 

A similar attack impacted two Nevada casinos owned and operated by Olympia Gaming in June 2024. The operator confirmed that the Casino Fandango in Carson City and Legends Bay in Sparks had been targeted by cyberattacks. Olympia Gaming provided only minimal information on the attack when it occurred, citing the ongoing nature of the investigation.