Ohio Lottery Hit by DragonForce Ransomware Attack

Cybersecurity Disruption on Christmas Eve: Ohio Lottery Systems Temporarily Shut Down – DragonForce Claims Responsibility – Services Disrupted, Sensitive Data Compromised

The Ohio Lottery encountered a significant setback on Christmas Eve as a cyberattack forced the shutdown of crucial systems, affecting undisclosed internal applications. While an investigation is underway, efforts are actively being made to restore normal operations, keeping the gaming system fully operational amidst the chaos.

Key Information for Users:

• Mobile cashing and prize claims exceeding $599 at Super Retailers are presently unavailable.
• Winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots are not accessible on the website or mobile app but can be verified at Ohio Lottery Retailers.
• Customers are encouraged to check winning numbers on the Ohio Lottery website and app. Prizes up to $599 can be claimed at any Ohio Lottery Retailer, while those surpassing $600 necessitate mailing or completion of a digital claim form.

The cybersecurity incident, which occurred on December 24, 2023, is actively under investigation, and the Ohio Lottery expresses regret for any inconvenience caused. The state’s internal probe is ongoing, and measures are being taken to expedite the restoration of all services.

DragonForce Ransomware Claims Responsibility:

Despite the Ohio Lottery not directly attributing the incident to any known threat actors or hacking groups, the newly surfaced DragonForce ransomware gang has claimed responsibility. The attackers assert that they have successfully encrypted devices and accessed sensitive data, including Social Security Numbers and dates of birth.

Details from the DragonForce data leak site reveal a compromise of over 3,000,000 entries, encompassing names, emails, addresses, and winning amounts. The leaked information, totaling approximately 600+ gigabytes, includes SSN and DOB records of both employees and players.

The DragonForce ransomware gang, although recently emerging, demonstrates characteristics of an experienced extortion group, as evidenced by their tactics, negotiation style, and the establishment of a comprehensive data leak site. In the context of increased law enforcement actions against ransomware operations, speculation arises that this group might be a rebrand of a previous gang.