Ransomware Group: LOCKBIT3

VICTIM NAME: jackpotjunction[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the LOCKBIT3 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The victim of this cyberattack is the online platform associated with Jackpot Junction, a casino located in Minnesota, United States, within the hospitality and tourism industry. The attack was publicly claimed as part of a LockBit group operation and was discovered on April 16, 2025. The breach involved a significant cyber incident that resulted in disruptions to the casino’s operations, including the suspension of slot machines and communication systems. The incident affected both the casino’s internal functions and its customer engagement, prompting the community to rely on social media for communication amid the operational halt. The attack may have involved data exfiltration, although specific details are not provided. The associated leak page includes a screenshot of internal documents and references to a payment claim URL. This incident impacted the local community and the casino’s business activities, highlighting the ongoing threat posed by cybercriminal groups targeting hospitality and gaming venues.

The leak page indicates that the attack was part of a broader ransomware operation, likely involving data theft and potential extortion. The cybercriminal group, identified as LockBit, claimed responsibility, and the incident’s details are available on a leak site with a link to further information. No sensitive individual or employee PII is disclosed; rather, the focus is on the operational disruption and the cyber threat. Visual evidence includes a screenshot of internal documents, which may suggest potential data leaks or evidence of the breach. The incident is a reminder of the cybersecurity risks facing public venues in the tourism sector, including the importance of robust defenses and incident response planning. No specific compromise date is provided, but the attack was publicly announced close to the discovery date on April 16, 2025, indicating recent activity.