The attack started at 5p.m. with the hook of a phishing email and a bogus invoice sent to an external consultant working in-house. The consultant received an email with the subject line Requested receipt ID:084C9F . The consultant opened the email message and double-clicked on the attachment unleashing the. payload was the TeslaCrypt 3 ransomware. The casino, with 1,000 employees, has an infrastructure that consists of two massive physical data centers and a cloud infrastructure.
Source: https://threatpost.com/diary-of-a-ransomware-victim/117877/