{
	"id": "21a4e3f2-2dd6-4ca8-ba10-0d65565b8cc3",
	"created_at": "2026-04-06T00:17:23.730177Z",
	"updated_at": "2026-04-10T03:21:59.638729Z",
	"deleted_at": null,
	"sha1_hash": "eaf81a63cb047063f13e6a35887a0a246f6c04cb",
	"title": "Crown Resorts confirms ransom demand after GoAnywhere breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 838746,
	"plain_text": "Crown Resorts confirms ransom demand after GoAnywhere breach\r\nBy Bill Toulas\r\nPublished: 2023-03-28 · Archived: 2026-04-05 12:40:16 UTC\r\nCrown Resorts, Australia's largest gambling and entertainment company, has confirmed that it suffered a data breach after its\r\nGoAnywhere secure file-sharing server was breached using a zero-day vulnerability.\r\nThe Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne,\r\nPerth, Sydney, Macau, and London.\r\nThis data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to\r\nperforming data extortion attacks. \r\nhttps://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nIn February, the threat actors claimed to have stolen data from 130 organizations over ten days utilizing a GoAnywhere\r\nzero-day vulnerability.\r\nWhile Crown Resorts confirmed that it is being extorted by Clop, who claims to have stolen data from its networks, it says\r\nthere is no evidence of the data breach impacting customers.\r\n\"We were recently contacted by a ransomware group who claim they have illegally obtained a limited number of Crown\r\nfiles,\" reads the firm's statement.\r\n\"We are investigating the validity of this claim as a matter of priority. We can confirm no customer data has been\r\ncompromised, and our business operations have not been impacted.\"\r\nThe gambling and entertainment company says they will continue to work with law enforcement to continue the\r\ninvestigation of the security incident and will provide updates if new evidence surfaces.\r\nCrown Resorts is the latest in a long list of victims who have admitted to being impacted by the GoAnywhere breaches,\r\nincluding CHS, Hatch Bank, Rubrik, the City of Toronto, Hitachi Energy, Procter \u0026 Gamble, and Saks Fifth Avenue.\r\nClop is still extorting the victims by threatening to release the data it stole from their networks but has not yet leaked\r\nanything on its data leak site.\r\nClop claiming Crown Resorts as a victim\r\nSource: BleepingComputer\r\nMeanwhile, the vendor of GoAnywhere software, Fortra, is already facing the prospect of a class action lawsuit in the\r\nUnited States, accused of failing to implement adequate cybersecurity measures to protect the private data stored in its\r\nnetwork.\r\nAlthough Fortra offered the plaintiff, a Hatch Bank customer, one year of free identity monitoring and fraud protection\r\nservices, the gesture is dismissed as insufficient to mitigate the lifetime risk of personal data exposure.\r\nThe Clop ransomware gang has a history of exploiting zero-day flaws to steal data from companies and perform massive\r\nextortion waves.\r\nIn December 2020, the gang utilized a zero-day flaw in Accellion FTA to compromise over a hundred firms, including Shell,\r\nKroger, Qualys, and several Universities, demanding $10,000,000 in extortion demands.\r\nhttps://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/\r\nhttps://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/"
	],
	"report_names": [
		"crown-resorts-confirms-ransom-demand-after-goanywhere-breach"
	],
	"threat_actors": [],
	"ts_created_at": 1775434643,
	"ts_updated_at": 1775791319,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/eaf81a63cb047063f13e6a35887a0a246f6c04cb.pdf",
		"text": "https://archive.orkl.eu/eaf81a63cb047063f13e6a35887a0a246f6c04cb.txt",
		"img": "https://archive.orkl.eu/eaf81a63cb047063f13e6a35887a0a246f6c04cb.jpg"
	}
}