The Ohio Lottery distributed breach notification letters to nearly 538,000 people who were affected by the alleged DragonForce ransomware attack that impacted the organisation’s computers in December last year.
Based on reports, the incident has affected approximately 538,959 people. The attackers have allegedly acquired access to the victims’ identities, Social Security numbers, and other personal information.
Moreover, the Ohio Lottery has launched an extensive forensic investigation and manual document review. The affected entity learned last month that specific files containing customers’ personal information were subject to unauthorised access.
The investigation stated that there was no evidence that the attackers misused the stolen information for other malicious purposes. However, the lottery is still offering free credit monitoring and identity theft prevention services to all possibly affected individuals.
Ohio Lottery refused to name the attacker, forcing the DragonForce ransomware to claim the attack.
The Ohio Lottery did not disclose the identity of the hackers or the nature of the intrusion, but the DragonForce ransomware gang claimed responsibility days later. The group claimed that it had encrypted devices and taken documents belonging to Ohio Lottery customers and workers.
Researchers also stated that a group uploaded an entry to the ransomware group’s dark web leak site in December last year, saying that the attackers took over 3 million records. After discussions failed, the gang leaked four .bak archives and several CSV files on January 22, claiming they were taken from the Ohio Lottery’s computers.
On the other hand, the ransomware group said that the 94GB of leaked data contains only 1,500,000 records with Ohio Lottery clients’ names, Social Security numbers, and birth dates.
Experts warn organisations about this ransomware group since it shows malicious capabilities. Although the group is a newcomer to the cybercriminal landscape, its techniques, negotiation style, and data leak site are comparable to those of an experienced extortion gang.
However, some researchers stated that this group is a rebrand of a previously known cybercriminal group, since its leak site currently includes nearly four dozen victims and law enforcement has disrupted numerous ransomware operations in recent months.
Therefore, other organisations should keep tabs on this new threat since it can have significant implications for any target it sets its sights on. All potentially impacted individuals in the Ohio Lottery attack should be careful in managing their digital presence since they will be susceptible to other illicit activities.