Russian hacker group 'REvil' threatens to reveal technical secrets of top casino games if the maker doesn't meet hefty ransom demand
The Russian hacker group known as REvil has revealed that its latest target is a top supplier of casino equipment, and is threatening to release the company's data if a hefty ransom isn't paid.
REvil on Saturday issued a press release announcing it had taken control of the servers of Gaming Partners International, issuing a 72-hour deadline for the company to pay up or have its sensitive data exposed.
The hackers, who most recently targeted celebrity law firm Grubman, Shire, Meiselas & Sacks, said they had stolen 540 gigabytes of sensitive data from GPI, including financial documents, contracts, and technical documentation for all of the company's gaming machines.
'Absolutely all servers and working computers of the company are hacked and encrypted,' the hackers said in a statement on the Dark Web obtained by DailyMail.com.
HAcker group REvil on Saturday said it had taken control of the servers of Gaming Partners International, which supplies casino equipment in Las Vegas (above) and elsewhere
'We have all the most important data from all your servers, including Macao and Mexico,' said REvil.
'In another 72 hours, if you do not pay for our silence and decryption, all information from your severs will go public, which will bring huge losses to all customers to whom you provide your products,' the group added.
REvil did not specify their financial demand in the public statement. GPI did not immediately respond to an inquiry from DailyMail.com on Saturday evening.
Gaming Partners International is a leading provider of casino currency and table game equipment worldwide.
In the prior hack of Grubman, Shire, Meiselas & Sacks, the law firm refused to pay the millions in ransom that REvil demanded, and the company's data was auctioned off.
The 'damaging' details against President Donald Trump that REvil had promised never materialized.
REvil's signature tactic -- encrypting a company's servers and then threatening to release or auction off their data -- is an increasingly common scam among ransomware groups.
'Absolutely all servers and working computers of the company are hacked and encrypted,' the hackers said in a statement on the Dark Web (stock image)
'Companies faced with this situation are without good option. If they refuse to pay, the data will be published or sold. If they do pay, they simply have to take the criminal’s word that the stolen data will be destroyed,' Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.
'Whether REvil do actually destroy the data upon payment being made is something only they know, but I suspect they do not,' Callow added.
'It seems highly improbable that they would simply dispose of information that they may be able to use or further monetize.'
In a recent interview with a Russian-language tech blog, a purported representative of REvil said that the group's most successful method of attack was through Remote Desktop Protocol, which allows for remote administration of a desktop over the internet.
Security experts recommend disabling RDP on company computers, and say that the best protection against hackers is quickly and frequently updating software with the latest updates.
No comments