The Lotería Nacional and Pronósticos sites have blocked access from any IP address outside Mexico, following a troublesome encounter with the Avaddon ransomware gang. The sites are still accessible via VPN, but based on what we see on the Avaddon leaks portal, they may not remain up for much longer, as the hackers are threatening to DDoS them ten days from now. The entity is a government-run national lottery system, so the attack isn’t against a private company but a national economic resource.
The actors have already posted several contracts and agreements ranging from 2009 to 2021, including legal documents, correspondence, finance, notarial data, outsourcing details, and more. They claim that the lottery agency isn’t willing to cooperate with them, and so they’re leaking these first samples as a warning of what’s to follow if they don’t get a positive response soon. Here are some blurred samples taken from Avaddon’s data leak portal.
Blocking access from foreign IP addresses is an interesting approach to defending against DDoS attacks, as we doubt that Avaddon would be able to contract Mexican hackers to launch them. After all, Mexico’s lottery services shouldn’t be of any interest to foreigners, so the practical damage from this approach is minimal, if not totally negligible.
Avaddon continues to be one of the most prolific ransomware gangs of 2021, hitting a large number of small to medium-sized organizations and occasionally bringing down some more notable entities like the Mexican Lotería Nacional. Lottery companies are obviously making astronomical amounts of money, especially in countries plagued by high poverty rates like Mexico, where one-third of the population has to live on less than $5 a day.
For now, though, it looks like the Mexican government isn’t willing to “share” anything with Avaddon, so they’re shutting them out. We don’t know how much money was demanded as ransom, but it should be a jaw-dropping figure for sure.