A few days ago the National Lottery (Lotenal) suffered a ransomware attack at the hands of the Russian hacking group Avaddon. However, in addition to this violation, yesterday the group exposed 2.9 GB of internal information and indicated that the institution had 192 hours to contact them, otherwise they will display more information.
“The company does not want to cooperate with us, so we will filter some of their documents and we will give them 192 hours to communicate and cooperate with us,” the threat can read.
The documents that were exposed range from information on payments, policies, contracts, to databases from 2009 to 2021 and although so far Lotenal has not given a position on the situation, Avaddon said that the information that they did not expose may be released if there is no contact from the organization and they are even willing to sell it.
On Thursday, May 27, Avaddon cybercriminals revealed that they had attacked National Lottery information, and threatened to reveal confidential data if the institution concealed the attack or did not respond. Avaddon gave Lotenal 10 days to pay the ransom or make the information extracted from its systems public.
Lotenal acknowledged that it suffered a theft of information from the administrative area carried out by criminals operating internationally and after noticing the cyber attack, the institution notified the Cyber Police and said that it has the advice of the National Digital Strategy Coordination (CEDN) of the Presidency of the Republic, as well as experts in cybersecurity.
This cyberattack coincides with complaints from Predictions users, who have shared on social media that the betting services are not working properly.
According to the browser, Deep Web, there are at least 800 documents leaked and they highlight endorsements of official Lotenal emails, as well as sessions of the governing councils of the organization.
Cybersecurity experts, such as Andrés Velázquez, director of Mattica, have expressed their concern around this issue.
“It is a ransomware just like the one that affected the United States pipeline, it is Ransomware-as-a-Service, so that a third party could affect and keep a part of the profit,” Velázquez said in a tweet.
While Martina López, a security researcher at Eset, explains in an analysis that Avaddon is growing in the region, so this type of attack could be seen more.
“Although the most common targets of attack in its short period of life have been small and medium-sized companies in Europe and the United States, something that caught our attention is the number of people affected by this ransomware in Latin America,” says López .
In Brazil, Peru, Chile and Costa Rica, Avaddon victims have been reported in recent months, from government agencies to companies in the healthcare or telecommunications industries.
