A targeted hacker attack has downed the customer-facing systems of Ohio’s lottery, prompting state officials to start an emergency investigation into the hack.
Ohio Lottery officials announced Wednesday they were dealing with a “cyber security incident” that impacted some “internal applications.”
The attack, which reportedly occurred on Christmas Eve, is preventing customers from cashing in prizes above $599 via mobile or at Super Retailers. Instead, lottery officials say prize claims can be mailed to the Ohio Lottery Central Office.
“Additionally, winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots are not available on our website or mobile app but can be checked at any Ohio Lottery Retailer,” officials said.
Customers can also check the Ohio Lottery website and mobile app for winning numbers until the incident is sorted out, lottery management said shortly after confirming the hack.
However, ohiolottery.com is down at the time this report was published. All announcements, advisories and claim forms served up through the lottery’s official website are unavailable.
Christopher Warner, a senior security consultant with research firm GuidePoint, opined to FOX 8 reporters that the attackers might have tried to “hack their way into a winning number and then win the lottery.”
Lotteries everywhere randomly produce the winning numbers in real time, so it’s hard to imagine how such a scenario would play out in the hackers’ favor.
According to a BleepingComputer report, an up and coming ransomware operation dubbed DragonForce has already claimed responsibility for the attack.
The crew allegedly pilfered more than 600 GB of data from the Ohio Lottery servers before encrypting its IT network, causing the outage extending to this day.
In typical ransomware fashion, the extortionists are also threatening to leak sensitive data, if they don’t “reach an agreement […] and come to an amount that suits both parties.”
The threat actors claim to be sitting on “3,000,000+ entries, first name, last name, mail, addresses, winning amounts! SSN + DOB records of employees and players.”
State investigators continue to look into the incident.
Bitdefender Digital Identity Protection lets you instantly find out if your data has leaked online, what type of information was compromised, what risks you face, and whether your information is up for sale on the dark web.
Bitdefender Identity Theft Protection covers damages and financial loss from identity theft, complete with identity theft restoration services, and insurance up to $2 million.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsNovember 14, 2024
September 06, 2024