Ohio Lottery forced to disconnect ‘key’ systems after cyberattack

The Ohio Lottery said it was forced to disconnect several “key” systems in order to contain a cyberattack that affected how it pays out some prizes.

The organization did not respond to requests for comment about whether it was a ransomware attack but posted a message on its website saying an investigation into the incident is “in its early stages and is ongoing.”

“The Ohio Lottery recently experienced a cybersecurity event affecting our computer systems,” officials said, adding that they “took precautionary steps to protect our environment.”

“We are working as quickly as we can to determine the scope and impact of the incident.”

Winning numbers for several games – including KENO, Lucky One and the EZPLAY Progressive jackpots — are not available as a result of the attack. Other winning numbers will be updated through the Ohio Lottery social media sites.

In the notice and on Facebook, the organization warned that prizes up to $599 can be cashed out at any Ohio Lottery Retailer location but claims over $600 will have to be mailed to the central office or claimed using a digital form.

Officials said the public will be notified once prizes greater than $599 can be cashed out at local retailers.

Local news outlets reported that the incident began on December 21 but others said the incident was discovered on December 24.

“The integrity of our games is the top priority of the Lottery, and we assure the public the gaming system is fully operational,” they said in an earlier statement. “We apologize for the inconvenience and are working as quickly as possible to restore all services.”

On Wednesday afternoon, the DragonForce hacking group claimed the attack, alleging to have more than 94GB of data. The group recently emerged in the last month and took credit for a cyberattack on probiotic milk drink manufacturer Yakult Australia.

In 2022, Ohio Lottery players won $2.8 billion in prizes. The Ohio Lottery Commission was created in 1973.

Several Ohio-based organizations connected to local governments in the state have been targeted by ransomware gangs over the last two years. Last month, the city of Huber Heights suffered a ransomware attack that harmed several critical systems.

One of the state's oldest historical societies was hit with a ransomware attack that leaked the sensitive information of thousands in July.

The Cuyahoga Metropolitan Housing Authority in Cleveland had data stolen during a ransomware attack in 2021, while the state’s largest oil producer was attacked by the AlphV ransomware group in February. The city of Mount Vernon said its police department, municipal court and other government offices were affected by a ransomware attack that started on December 19 while the town of Circleville reported its own ransomware incident in January.