Mexican Lottery Blocks Access to Foreign IPs Following Avaddon Ransomware Attack

Written by Bill Toulas
Last updated September 17, 2021

The Lotería Nacional and Pronósticos sites have shut access to any IP address outside Mexico, following a troublesome encounter with the Avaddon ransomware gang. The sites are still accessible via VPN, but based on what we see on the Avaddon leaks portal, they may not remain up for much longer, as the hackers are threatening to DDoS them ten days from now. The entity is a government-run national lottery system, so the attack isn’t against a private company but a national economic resource.

The actors have already posted several contracts and agreements ranging from 2009 to 2021, including legal documents, correspondence, finance, notarial data, outsourcing details, and more. They claim that the lottery agency isn’t willing to cooperate with them, and so they’re leaking these first samples as a warning of what’s to follow if they don’t get a positive response soon. Here are some blurred samples taken from Avaddon’s data leak portal.

Scroll to the left
Scroll to the right

Blocking access to foreign IP addresses is an interesting approach when it comes to defending against DDoS attacks, as we doubt that Avaddon would be able to contract Mexican hackers to launch them. After all, Mexico’s lottery services shouldn’t be of any interest to foreigners, so the practical damage from this approach is minimal, if not totally negligible.

Avaddon continues to be one of the most prolific ransomware gangs of 2021, hitting a large number of small to medium-sized organizations and occasionally bringing down some more notable entities like the Mexican Lotería Nacional. Lottery companies are obviously making astronomical amounts of money, especially in countries plagued by high poverty rates like Mexico, where one-third of the population has to live with less than $5 a day.

For now, though, it looks like the Mexican government isn’t willing to “share” anything with Avaddon, so they’re shutting them out. We don’t know what the amount of money asked as ransom is, but it should be a jaw-dropping figure for sure.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: