Ohio Lottery cybersecurity incident: Hackers demanded money | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Ed Gallek and Peggy Gallek

45 mins ago

CLEVELAND (WJW) – The FOX 8 I-Team has found hackers demanded money when they got into computers with the Ohio Lottery Commission.

Since last year, Ohio Lottery only called it a “cybersecurity incident.” Now, the I-Team has learned what happened during the December incident.

Kirk Herath, Ohio cybersecurity systems advisor, told the I-Team Tuesday that the hackers put a freeze on some office systems and got into some personal information of lottery customers.

When asked how the hackers were able to get into the system and what they wanted, Herath said he could not give us specific details.

“They were very clear with what they were looking for,” Herath said. “It effectively encrypted our back office system.”

For weeks, the Ohio Lottery has told the I-Team what happened is under investigation. But the lottery has told us it didn’t have any initial incident report. The lottery commission also told us it did not have any reports filed with federal, state or local law enforcement.

Now, Herath tells us the FBI and other agencies were contacted.

Investigators have determined what happened, but they admit they may never identify the hackers.

“There are criminals that do this,” Herath said. “But this is a cyber war. These are nation-state actors. China, Russia, North Korea. So, it’s unlikely that we’ll ever find out who did this.”

We are told the state did not pay any ransom. Technicians rebuilt the computer system that had been hacked.

The attack caused some delays in lottery winners getting payouts, but the state says games were not affected.

We asked what steps have been taken to prevent something like this from happening again.

“Nothing’s perfect. I can’t assure you there won’t be another incident in the State of Ohio,” Herath said. “We’ve rebuilt the entire back office and we’ve done risk assessments.”


Click Here For The Original Story From This Source.


National Cyber Security