{"id":1250,"date":"2026-02-15T12:45:15","date_gmt":"2026-02-15T18:45:15","guid":{"rendered":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/?p=1250"},"modified":"2026-02-15T12:45:15","modified_gmt":"2026-02-15T18:45:15","slug":"igt-hit-by-qilin-ransomware-las-vegas","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/blog\/igt-hit-by-qilin-ransomware-las-vegas\/","title":{"rendered":"The House Always Wins? Not Against Ransomware: IGT Hit by Qilin Group"},"content":{"rendered":"

 <\/p>\n

<\/p>\n\n\n\n
\n

The House Always Wins? Not Against Ransomware: IGT Hit by Qilin Group<\/h1>\n

21,000 files leaked from gaming giant – Las Vegas casino supply chain at critical risk<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

\ud83c\udfb0 CRITICAL ALERT: Gaming Supply Chain Breach<\/h3>\n

International Game Technology (IGT)<\/strong> – the cornerstone vendor for Las Vegas casino floors and lottery systems – has been compromised by Qilin ransomware. 10GB of data (21,000+ files)<\/strong> published on dark web after failed ransom negotiations. If your casino uses IGT systems, your data may be exposed.<\/strong><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

The Breach: When the House Loses<\/h2>\n

In the high-stakes world of gaming, International Game Technology (IGT)<\/strong> is usually the one dealing the cards. The company powers slot machines, lottery systems, and gaming platforms across Las Vegas casinos from MGM Grand to Caesars Palace, Red Rock to The Venetian.<\/p>\n

However, as of February 12, 2026<\/strong>, the house has lost a major hand. After a total breakdown in ransom negotiations, the Qilin (Agenda) ransomware group<\/strong> published 10GB of data<\/strong>\u2014totaling over 21,000 sensitive files<\/strong>\u2014allegedly stolen from the gaming giant.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n

Is This Critical for Las Vegas?<\/h3>\n

Absolutely.<\/strong> For Las Vegas businesses, IGT is a cornerstone vendor for casino floors and lottery systems. This leak isn’t just a corporate headline; it’s a direct threat to the integrity of the local gaming supply chain<\/strong>. If you operate slots, sports betting kiosks, or lottery terminals powered by IGT, your vendor connection may have exposed sensitive operational data, employee credentials, or customer information.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\n

<\/p>\n\n\n\n
\n

What Was Leaked: The Data Inventory<\/h2>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\n

Confirmed Data Exposure:<\/h3>\n\n\n\n\n\n\n\n\n
\u25cf<\/strong><\/td>\nVolume:<\/strong> 10.1 GB total data size, organized into 21,000+ individual files<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nFile Types:<\/strong> Corporate documents, technical specifications, internal communications, employee data, vendor contracts, system architecture diagrams<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nPotential PII:<\/strong> Employee personally identifiable information (names, addresses, SSNs), vendor contact details, casino operator credentials<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nIntellectual Property:<\/strong> Gaming system designs, slot machine configurations, lottery platform specifications, proprietary algorithms<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nPartner Exposure:<\/strong> Casino operator integration details, third-party vendor relationships, service account credentials for IGT partner portals<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nDistribution:<\/strong> Data mirrored across multiple dark web repositories, TOR sites, and underground forums – publicly accessible to cybercriminals worldwide<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

<\/p>\n\n\n\n
\n

Technical Details: The Qilin Arsenal<\/h2>\n

The Qilin group (also known as Agenda ransomware) utilizes a sophisticated “Double Extortion”<\/strong> model. Below are the technical signatures associated with their recent campaign against IGT:<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n

Qilin Attack Methodology:<\/h3>\n\n\n\n\n\n\n\n\n\n
\ud83d\udeaa Initial Access: Exploit Chain<\/strong><\/p>\n

Qilin likely utilized vulnerabilities in unpatched VPN or RDP gateways<\/strong> for initial access. This matches MITRE ATT&CK technique T1133 (External Remote Services)<\/strong>. Common entry vectors include Citrix NetScaler, Fortinet FortiGate, and Cisco VPN vulnerabilities. IGT’s global infrastructure with remote office connections presented multiple attack surfaces.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n<\/tr>\n
\u2699\ufe0f Rust-Based Payload<\/strong><\/p>\n

Qilin’s malware is written in Rust programming language<\/strong>, allowing it to bypass legacy antivirus signatures and target both Windows and Linux\/VMware ESXi servers<\/strong> with high efficiency. Rust malware is compiled for each target environment, making detection extremely difficult. The cross-platform capability means Qilin can encrypt slot machine backend servers (often Linux-based) and Windows domain controllers simultaneously.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n<\/tr>\n
\ud83d\udce4 Double Extortion Model<\/strong><\/p>\n

Step 1:<\/strong> Data exfiltration before encryption – 10.1 GB of sensitive files copied to attacker infrastructure. Step 2:<\/strong> Network encryption – production systems locked with strong encryption. Step 3:<\/strong> Ransom demand – pay to decrypt AND prevent data publication. Step 4:<\/strong> When IGT refused final payment, Qilin published all stolen data publicly as “proof” to future victims that they follow through on threats.<\/p>\n<\/td>\n<\/tr>\n

<\/td>\n<\/tr>\n
\ud83c\udf10 Dark Web Publication<\/strong><\/p>\n

The 10.1 GB dataset was mirrored across dark web repositories once IGT refused the final ransom demand. Qilin operates a “leak site” on TOR where they showcase victims and publish stolen data. The IGT data is now permanently available to cybercriminals<\/strong> for credential harvesting, competitive intelligence, and secondary attacks against IGT’s casino partners.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

Qilin Ransomware Technical Profile:<\/h3>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Programming Language:<\/td>\nRust (cross-platform, low detection rates)<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Target Platforms:<\/td>\nWindows, Linux, VMware ESXi hypervisors<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Encryption Method:<\/td>\nAES-256 symmetric encryption with RSA-4096 key protection<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Exfiltration Tools:<\/td>\nRclone, Mega.nz, custom upload utilities<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Privilege Escalation:<\/td>\nExploits Active Directory misconfigurations, stolen credentials<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Ransom Payment:<\/td>\nBitcoin, Monero (cryptocurrency only)<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
Typical Dwell Time:<\/td>\n30-60 days (reconnaissance before encryption)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

<\/p>\n\n\n\n
\n

The Risk: Why Las Vegas Casino CEOs Must Act<\/h2>\n

In our 24\/7 hospitality economy, a breach at a Tier-1 vendor like IGT creates a Supply Chain Contagion<\/strong>. This isn’t just IGT’s problem\u2014it’s yours.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n

\ud83d\udd17 Supply Chain Attack Vector<\/h3>\n

If you are a vendor, partner, or operator using IGT-affiliated systems<\/strong>, your corporate data or employee PII may be sitting in this public dump. This incident bypasses your perimeter<\/strong> and hits you through a “trusted” connection. IGT’s customer portal credentials, VPN access tokens, and API keys may all be exposed, allowing attackers to pivot into your casino network using legitimate IGT credentials.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\n

\ud83c\udfb0 Gaming Floor Operations Risk<\/h3>\n

IGT powers thousands of slot machines across Las Vegas. The leaked technical specifications could reveal slot machine configurations, payout algorithms, and backend server architectures<\/strong>. This intellectual property in the wrong hands could enable gaming fraud, machine manipulation, or targeted attacks against specific casino floors. Nevada Gaming Control Board compliance may be at risk if slot system integrity is compromised.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n
\n

\ud83d\udcb3 Player Data Exposure<\/h3>\n

IGT’s sports betting platforms and player loyalty systems process millions of customer transactions. If the breach included integration documentation with casino operators, player account structures, database schemas, or API authentication methods<\/strong> may be exposed. This creates a roadmap for attackers to target downstream casino customer databases.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n

Las Vegas Gaming Ecosystem Vulnerability:<\/h3>\n\n\n\n\n\n\n\n
\u25cf<\/strong><\/td>\nStrip Properties:<\/strong> Major casinos on The Strip rely heavily on IGT for slot floors, lottery kiosks, and sports betting systems – single vendor concentration creates systemic risk<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nTribal Gaming:<\/strong> Nevada tribal casinos operating IGT equipment may face unique compliance challenges given sovereign jurisdiction requirements<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nNevada Lottery:<\/strong> State lottery systems powered by IGT could expose player information and revenue tracking data<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nRegulatory Scrutiny:<\/strong> Nevada Gaming Control Board will likely require breach notifications and security posture reviews from all IGT customers<\/td>\n<\/tr>\n
\u25cf<\/strong><\/td>\nCompetitive Intelligence:<\/strong> Rival gaming equipment manufacturers could gain unfair advantage from leaked proprietary technology and designs<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

<\/p>\n\n\n\n
\n

The 3-Step Mitigation Plan for IGT Customers<\/h2>\n

If your casino or gaming operation uses IGT systems, implement these emergency measures immediately:<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n\n\n\n
\n
1<\/div>\n<\/td>\n
\n

Force Password Resets on All IGT Integrations<\/h3>\n

Immediate Action:<\/strong> Immediately rotate all service account credentials that interact with IGT systems, Brightstar portals, IGT customer support logins, API keys, VPN access tokens, and any shared authentication mechanisms.<\/p>\n

Assumption:<\/strong> Assume that any credential used to access IGT systems in the last 90 days may be compromised. Change everything. Use strong, unique passwords and enable Multi-Factor Authentication (MFA) on all accounts. Document all changes for Gaming Control Board audit compliance.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n\n\n\n
\n
2<\/div>\n<\/td>\n
\n

Audit Identity & Access Logs<\/h3>\n

Detection:<\/strong> Review Active Directory logs, VPN access records, and security information and event management (SIEM) data for unusual login patterns from remote employees or unknown IP addresses. Qilin often harvests credentials from these leaks for secondary attacks months later.<\/p>\n

Focus Areas:<\/strong> Look for after-hours logins, geographic anomalies (employee credentials used from foreign countries), multiple failed authentication attempts followed by success, and access to systems the user doesn’t normally touch. Any IGT-related credentials appearing in the leaked dataset should trigger immediate investigation.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n\n\n\n
\n
3<\/div>\n<\/td>\n
\n

Comprehensive Vendor Risk Review<\/h3>\n

Strategic Assessment:<\/strong> Re-verify the security posture of your entire digital supply chain using the NIST Cybersecurity Framework<\/strong>. Don’t just focus on IGT\u2014audit all critical vendors (payment processors, property management systems, surveillance providers).<\/p>\n

Action Items:<\/strong> Request SOC 2 Type II reports from all vendors, verify they have cyber insurance coverage, confirm incident response procedures are documented, and establish clear breach notification timelines. For IGT specifically, request confirmation that your data was NOT included in the leaked dataset and demand evidence of remediation measures taken post-breach.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\n

<\/p>\n\n\n\n
\n

How CMIT Solutions of Las Vegas Protects Gaming Businesses<\/h2>\n

At CMIT Solutions<\/strong>, we help Las Vegas gaming and hospitality businesses navigate these vendor-driven crises. We provide proactive monitoring and incident response<\/strong> to ensure that when a major player like IGT gets hit, your business stays in the game.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n\n\n\n
\n

Gaming Industry Security Services:<\/h3>\n\n\n\n\n\n\n\n\n\n
\u2713<\/strong><\/td>\nVendor Risk Management:<\/strong> Continuous assessment of your critical suppliers (IGT, Konami, Aristocrat, payment processors) with automated threat intelligence monitoring for breaches<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\n24\/7 SOC Monitoring:<\/strong> US-based Security Operations Center watches for supply chain compromises, credential stuffing attacks using leaked credentials, and lateral movement from vendor connections<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nDark Web Monitoring:<\/strong> Proactive scanning of dark web leak sites, underground forums, and ransomware group TOR pages for your company data or vendor breach exposure<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nNetwork Segmentation:<\/strong> Isolate gaming floor systems (slots, table games, sports betting) from corporate networks to contain vendor-originated breaches<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nRansomware Defense:<\/strong> EDR with behavioral detection, immutable backups, and tested disaster recovery procedures designed for 24\/7 casino operations<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nGaming Control Board Compliance:<\/strong> Documentation and security controls aligned with Nevada Gaming Control Board Regulation 5.170 and Minimum Internal Control Standards (MICS)<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nIncident Response Planning:<\/strong> Pre-established breach response playbooks specific to gaming operations with regulatory notification procedures and business continuity safeguards<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

\ud83c\udfb0 Do You Use IGT Systems?<\/h3>\n

Don’t wait to find out if your data was in the breach. Get an emergency vendor risk assessment and credential audit in 24 hours.<\/p>\n

Request Emergency Security Assessment<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\n

<\/p>\n\n\n\n
\n

Protect Your Casino from Supply Chain Attacks<\/h2>\n

When your vendors get breached, your business is at risk. Get comprehensive gaming industry cybersecurity from Las Vegas experts.<\/p>\n

CMIT Solutions: Trusted by Las Vegas Casinos, Gaming Operators, and Hospitality Groups<\/p>\n\n\n\n
\n

\ud83d\udcde 702-725-2877<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Request Gaming Security Assessment<\/a><\/p>\n

cmitsolutions.com\/lasvegas-nv-1206<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

Key Takeaways for Gaming Operators:<\/h3>\n\n\n\n\n\n\n\n\n\n\n
\u26a0<\/strong><\/td>\nIGT ransomware attack<\/strong> – Qilin group published 10GB (21,000 files) after failed ransom negotiations on February 12, 2026<\/td>\n<\/tr>\n
\u26a0<\/strong><\/td>\nSupply chain contagion risk<\/strong> – IGT customers’ data, credentials, and system documentation may be exposed in leak<\/td>\n<\/tr>\n
\u26a0<\/strong><\/td>\nLas Vegas gaming floor impact<\/strong> – Slot machines, lottery systems, sports betting platforms across The Strip powered by IGT<\/td>\n<\/tr>\n
\u26a0<\/strong><\/td>\nQilin double extortion<\/strong> – Rust-based malware targets Windows, Linux, ESXi with data exfiltration before encryption<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nRotate all IGT credentials immediately<\/strong> – Service accounts, portal logins, API keys, VPN tokens<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nAudit access logs for anomalies<\/strong> – Look for credential abuse using leaked data in secondary attacks<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nComprehensive vendor risk review<\/strong> – Re-verify security posture using NIST Cybersecurity Framework<\/td>\n<\/tr>\n
\u2713<\/strong><\/td>\nCMIT Solutions provides vendor risk management<\/strong> and 24\/7 monitoring for Las Vegas gaming operations<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

<\/p>\n\n\n\n
\n

Sources & Additional Reading<\/h3>\n

Primary Sources:<\/strong>
\n\u2022 SC World: Qilin Ransomware Claims International Game Technology Hack<\/a>
\n\u2022 BlackFog: Qilin Ransomware Analysis: Impact and Defense 2025<\/a><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/article>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

  The House Always Wins? Not Against Ransomware: IGT Hit by Qilin…<\/p>\n","protected":false},"author":1008,"featured_media":1251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1250","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-local-it"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/posts\/1250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/users\/1008"}],"replies":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/comments?post=1250"}],"version-history":[{"count":0,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/posts\/1250\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/media\/1251"}],"wp:attachment":[{"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/media?parent=1250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/categories?post=1250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cmitsolutions.com\/lasvegas-nv-1206\/wp-json\/wp\/v2\/tags?post=1250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}