Two Las Vegas casinos fall victim to ransomware hack

Two Las Vegas venues operated by TLC Casino Enterprises were reportedly the victim of a ransomware attack on 27 February, with slot machines across both venues inactive for six days.

Staff at the Four Queens Hotel and Casino were forced to post signs reading “Computer systems are down – cash only,” at the entrance to the downtown property, while Binion’s Casino saw its website and slot machines taken offline.

“The board is aware of the incident and we are actively monitoring the situation,” said a spokesperson for the Nevada State Game Control Board. “As this is an ongoing investigation, we have no further comment.”

Computer failures for the week-long period also affected loyalty program processing and accommodation and amenity payment, following reports by the City of Las Vegas in January that it experiences 279,000 hacking attempts every month.

“If someone wants to hack a casino, it’s surprisingly just about how easily you can get into their networks,” security researcher Dylan Wheeler told Computer Business Review.

“If you are inside their networks, and they don’t segregate their networks properly, you’ll be able to interact with all kinds of machines, from the slot machines to even the card shufflers and camera systems.”

Though the computer systems are now operational at both the Four Queens Hotel and Casino and Binion’s Casino, casino operators are encouraged to take precautionary measures in order to better protect their machines, customers and inventory. “You can trigger almost anything including the developer testing stuff (jackpot etc.) if you know what you’re doing,” added Wheeler.

“You can also set a higher £ value to your inventory pretty easily due to test commands.”