Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

December 27, 2023 at 05:17PM

The Ohio Lottery experienced a cyberattack on Christmas Eve, disrupting some internal applications. Services are being restored, but mobile cashing above $599 and some winning numbers are unavailable. The lottery advises customers to check numbers at retailers, and smaller prizes can be cashed at retailers, while larger prizes require mailing forms or claiming in person. The attack has been claimed by the DragonForce ransomware gang, who have allegedly stolen sensitive data from customers and employees. The gang has threatened to leak over 3 million entries, including Social Security Numbers and dates of birth. The Ohio Lottery is working to restore services and investigate the incident while facing this cyber threat.

Based on the meeting notes, the Ohio Lottery experienced a cyberattack on Christmas Eve, which forced the shutdown of some internal systems. As a result, several services have been affected, including mobile cashing, prize cashing above $599 at Super Retailers, and access to winning numbers for certain games on the website and mobile app.

Additionally, customers are being directed to check winning numbers at Ohio Lottery Retailer locations and are advised on how to claim prizes based on their value. The lottery is working to restore all impacted services while the incident is under investigation, and a separate advisory has been issued to provide further guidance to customers during this time.

The cyberattack has been claimed by a new ransomware gang known as DragonForce, who claim to have encrypted devices and stolen data, including customer and employee information. The leaked data potentially includes Social Security Numbers, dates of birth, and other personal details belonging to Ohio Lottery customers and employees.

The DragonForce ransomware gang is newly surfaced, and there is limited information available about them. However, their tactics and data leak site suggest that they may be an experienced extortion group, and it’s possible that they could be a rebrand of a previous gang. The state lottery has not linked the incident to any known threat actors or hacking groups and has stated that the internal investigation is ongoing.

Full Article