A ransomware gang claims that it’s holding hostage the blueprints to a $700 million casino. If true, they may know more about the vaults, server rooms, and security cameras than the people building it.
The house always wins, unless hackers get the blueprints first. The Catawba Two Kings Casino Resort, a massive $700 million tribal project being built in Kings Mountain, North Carolina, has allegedly been breached by a cybercriminal gang known as Anubis.
The hackers posted a ransom threat on their dark web leak site, claiming they have a “terribly detailed archive” including blueprints of the casino’s main floor, parking, hotel tower, and even restricted back-of-house zones.
The resort project, which is being developed by the Catawba Indian Nation, broke ground in June 2024 and is set to open in 2026. When finished, it’s expected to host 4,300 slot machines, 100 table games, and a 400-room hotel. For now, a temporary facility has been operating since 2021.
The ransom note went live on April 23rd, with the timer on the leak site showing that the company has 19 hours until the data is publicly released. Ransomware gangs often use this tactic to force companies into paying up. Anubis's post on X suggests the gang might have held the data since late February.
If true, the hack is a potential security nightmare. Anubis says they’ve got layouts of server rooms, chip vaults, the locations of doors with restricted access, surveillance camera placements, staff interrogation rooms, and evacuation routes. All in all, the leaked data is a complete casino heist toolkit.
Anubis also claims to have snagged cadastral data, seismic docs, and legal records, which could throw even more sand into the gears of an already politically controversial development.
The Catawba Two Kings project has been mired in controversy long before ransomware gangs got involved. In 2022, the National Indian Gaming Commission slapped the tribe with a violation notice for operating the casino without an approved management contract, threatening fines of up to $57,000 per day.
By 2024, things escalated when a former development partner filed a lawsuit accusing the tribe of trespassing and unauthorized land alterations. The lawsuit claimed workers tore through easements and diverted drainage like they owned the place.
Meanwhile, the Eastern Band of Cherokee Indians has been fighting the project for years, arguing that the land never should’ve been placed in trust by the Department of the Interior in the first place.
Cybernews has reached out to the company, but a response has yet to be received.
Who is Anubis ransomware
The Anubis ransomware group is new to the scene. Its official X profile suggests that it has been active since the beginning of December 2024. The group mixes old-school extortion with startup-level monetization.
They run multiple affiliate programs, offering everything from ransomware-as-a-service to access brokering, so that third parties can also profit from their attacks.
Their tools support double extortion tactics, meaning that they don’t just encrypt victims files, they also threaten to leak them unless they get paid.
Your email address will not be published. Required fields are markedmarked