The Ohio Lottery encountered a cybersecurity incident on December 24, 2023, impacting internal applications. This led to disruptions, hindering access to winning numbers for KENO, Lucky One, and EZPLAY Progressive Jackpots on the lottery’s website and app. Customers were directed to check numbers at retailers during the ongoing investigation and system restoration.
Prizes up to $599 could be claimed at retailers, while higher amounts required mailing to the Ohio Lottery Central Office or using digital claim forms. However, the Ohio Lottery’s mobile cashing app and Super Retailer locations ceased processing prizes exceeding $599. The incident, under investigation, has not been directly linked to any known threat actors.
However, the emergence of the DragonForce ransomware gang claimed responsibility. The attackers allegedly encrypted devices and accessed data, including Social Security Numbers and birthdates. The gang’s data leak site suggests over 3 million entries of customers’ and employees’ information, spanning names, addresses, winning amounts, SSNs, and DOBs, totaling around 600+ gigabytes of leaked data. The DragonForce gang, though newly surfaced, exhibits experienced extortion tactics through their data leak site and negotiation methods.
Despite their novelty, similarities suggest potential ties to previous ransomware operations, raising speculation about a rebranded group. Law enforcement efforts targeting ransomware operations may shed light on the gang’s origin or connections in the evolving cybersecurity landscape.
