Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label DragonForce. Show all posts

DragonForce Ransomware Gang Prompts Ohio Lottery to Shut Down


On 25 December 2023, the Ohio Lottery faced a major cyberattack, as a result, they had to shut down some crucial systems related to the undisclosed internal application. 

The threat actors behind the breach are the DragonForce ransomware group. 

While the investigation in regards to the breach is ongoing, the company confirms to its customers that its gaming systems are fully functional. The gaming system is still operational, although some services have suffered. At Super Retailers, prize cashing above $599 and mobile cashing are temporarily unavailable. 

The winning numbers for the KENO, Lucky One, and EZPLAY Progressive Jackpots can be found at any Ohio Lottery Retailer; they are unavailable on the internet or mobile app.

In its press release, the lottery states: "On December 24, 2023, the Ohio Lottery experienced a cybersecurity incident impacting some of its internal applications and immediately began work to mitigate the issue. The state's internal investigation is ongoing. We apologize for the inconvenience and are working as quickly as possible to restore all services."

What must the Customers do?

The company has requested customers to check the Ohio Lottery website and mobile app for winning numbers at this time.  WKYC informs that prizes up to $599 can be claimed at any Ohio Lottery Retailer, while prizes over $600 need to be sent by mail to the Ohio Lottery Central Office or using the online claim form. 

Ransomware Gang Claims Responsibility

While Ohio Lottery did not confirm who was behind the cyberattack, a ransomware group called DragonForce claimed responsibility. 

According to a report by BleepingComputer, the threat group claims that they have encrypted devices and accessed sensitive data like Social Security Numbers and the date of birth of affected customers. 

According to the DragonForce gang, over 3,000,000 lottery customers' names, addresses, emails, winning amounts, Social Security numbers, and dates of birth are among the data that have been hacked. The weight of the released data—more than 600 gigabytes—raises questions regarding the scope of the hack. 

DragonForce: A New Competitor in the Ransomware Arena

Despite being a relatively young ransomware gang, the DragonForce gang's methods and data leak website suggest a rather experienced extortion organization. As law enforcement steps up their efforts to combat ransomware activities, new organizations like DragonForce are coming into action, which raises the issue of rebranding within the threat landscape. 

In a similar case, the official Facebook page of the Philippines lottery system was recently hacked by anonymous hackers. The witnesses reported that threat actors were apparently spamming the website page with nude photos. This prompted the Philippine Charity Sweepstakes Office (PSCO) to shut down the page for the time being, during which the Cybercrime Investigation and Coordinating Center (CICC) will conduct its investigation.   

DragonForce Group Unleash Hacks Against India

 

According to a recent Radware warning, a hacktivist group called DragonForce Malaysia has begun indiscriminately scanning, defacing, and executing denial-of-service assaults against several websites in India with the support of several other threat groups. 

In addition to DDoS, its focused "OpsPatuk" operation incorporates sophisticated threat actors "leveraging existing vulnerabilities, breaching networks, and releasing data. DragonForce Malaysia, well known for its hacktivism in favour of the Palestinian cause, has shifted its focus to India, in reaction to a controversial statement made by a party spokesperson concerning the Prophet Mohammed. OpsPatuk is still active, according to the alert.  

Nupur Sharma, a spokesperson for the Bharatiya Janata Party (BJP), made controversial statements about the age of the Prophet Mohammed's third wife, Aisha, during a televised discussion last month. There was considerable outrage, following declarations from Muslim leaders, huge protests, and Sharma's expulsion from the BJP.

Then, on June 10, DragonForce Malaysia joined the fray. Their new onslaught against the Indian government was announced in a tweet: "Greetings The Government of India. We Are DragonForce Malaysia. This is a special operation on the insult of our Prophet Muhammad S.A.W. India Government website hacked by DragonForce Malaysia. We will never remain silent. Come Join This Operation! #OpsPatuk Engaged"

The latest alert indicates that the group employed DDoS to carry out "multiple defacements across India," including pasting its logo and content onto targeted websites. Additionally, the group claimed to have stolen and released data from several government organisations, financial institutions, colleges, service providers, and several other Indian databases. Other hacktivists – 'Localhost,' 'M4NGTX,' '1887,' and 'RzkyO' – also joined the party, "defacing multiple websites across India in the name of their religion," according to the researchers. 

About DragonForce Malaysia:

DragonForce Malaysia is a hacktivist group similar to Anonymous. They are linked by political objectives and a penchant for sensationalism. Tens of thousands of people use their social media channels and website forums, which are used for "anything from organising an eSports team to conducting cyberattacks." 

DragonForce has previously waged cyber attacks against companies and government agencies throughout the Middle East and Asia. Their preferred target has been Israel, with various operations – #OpsBedil, #OpsBedilReloaded, and #OpsRWM – conducted against the country and its citizens.