Lotenal: Mexican Lottery Agency Keeps Mum On The Ransomware Attack


A group of malicious hackers have claimed that they have infiltrated the computer servers of Lotenal or National Lottery. They have also threatened to disclose confidential information in case the agency refuses to cooperate with the hackers.

The hackers accessed the servers last Thursday, the 28th of May 2021. They had implemented the Avaddon ransomware. This malicious software or malware has also been used in several cyberattacks in numerous countries. 

Furthermore, the malicious group has also demanded a ransom payment within ten days. They promised not to leak the stolen information as they received their demanded ransom payment. However, the amount of ransom the group has demanded is still unknown. 

“… We have data such as all contracts and agreements from 2009 to 2021, legal documents, correspondence, finance, notarial data, outsourcing, and much more,” the group said in a statement published online. “Also remember that data cannot be decrypted without our general decryptor. And your site will be attacked by a DDoS [distributed denial of service] attack,” it said.

What is more shocking is that the Lottery firm Lotenal has neither denied the cyber attack nor confirmed the same. On Friday, the company stated that it had been updating its systems which was causing some interruptions to all of its online services. Following this, on Saturday, the cybercriminal gang had released another statement.

“Apparently the [agency] does not quite understand the seriousness of this situation and wants to hide the fact that they were hacked and we stole data from their servers,” it said.

“… What if we say that we have a lot of confidential data (see photo below), such as sexual harassment in the workplace, unpleasant incidents and a lot of dirt associated with your [agency]? If you continue to lie to everyone and do not contact us on this fact, then we, in turn, are ready to surprise all who follow the news related to our blow to your companies with very interesting documents that we have.”

The cybercriminal group has also published an image of a redacted document of the federal government. The document clearly stated that a Lotenal cleaner had been a victim of sexual harassment.

As per Hiram Caramillo, the director and co-founder of information security at Seekurity, the gangs that utilize ransomware like Avaddon are “criminals that earn millions of dollars” via extortion.

Additionally, he said that Lotenal must be working to ensure that the Avaddon ransomware is no longer utilized to infiltrate the systems. Further, the lottery agency must identify the stolen information. 

“It’s not the first time that a company that has been hacked denies the attack,” he said, referring to Lotenal’s decision not to acknowledge the cyberattack publicly.

This is, however, not the first time that the ransomware groups responded to the companies that had refused to cooperate.

As per the U.S. FBI, Avaddon ransomware had been advertised for the very first time on the Russian hacking forums as a RaaS or Ransomware-as-a-Service product. RaaS implies the sale of ransomware or malware to the hacker aspirants through the subscription model. All those hackers who do not possess any skill to write and implement their own ransomware code to the victims can take help from these RaaS. These malicious codes are openly sold on the dark web. Typically, the ransomware developers get a cut from the victim’s payment. 

As per Group-IB, a cybersecurity research company, nearly ⅔ of the ransomware attacks that occurred in 2020 had been based on the RaaS model. The FBI had earlier issued a statement last month that mentioned that the FBI had received several notifications of the unidentified online criminals making use of the Avaddon ransomware. This ransomware had been used against foreign companies, the U.S, healthcare agencies and manufacturing organizations. 

“Avaddon ransomware actors have compromised victims through remote-access login credentials. … After [they] gain access to a victim’s network, they map the network and identify backups for deletion and/or encryption,” the FBI said.

“… The actors threaten to leak the victims’ data toThe Onion Router (TOR) network unless their ransom demand is paid in virtual currency within days of infection. Avaddon’s extortion tactics progress from a warning to a partial data leak and, finally, to a full data leak of all exfiltrated files,” it said.

The countries that had been the victim of the Avaddon attacks included the United States, Europe and different Latin American countries like Chile, Peru, Brazil and Costa Rica. 

The cyberattack on the Lotenal is marked as the second on a federal government agency since late 2018 since President López Obrador took office. Back in 2019, the state oil company Pemex had been targeted in an attack where the attackers had demanded a ransom of about $5 million in Bitcoin (BTC).

Source: Mexico News Daily

Disclaimer: Read the complete disclaimer here.



Please enter your comment!
Please enter your name here