Mexico’s national lottery websites, Lotería Nacional and Pronósticos, have been blocked to visitors outside of Mexico after being targeted in a ransomware attack.
Loteria Nacional is a government-run lottery system in Mexico operating under the Ministry of Finance.
Yesterday, the Avaddon ransomware group claimed to have successfully hacked the Pronosticos Deportivo website. They said they stole data and encrypted the devices.
The ransomware gang released screenshots of what they claimed were documents stolen during the attack. The threat actors claimed to have encrypted the devices, too. The gang also threatened to DDoS the website if negotiations did not begin within specified time frames.
The sites of the Lotería Nacional (https://www.lotenal.gob.mx/) and Pronósticos (https://www.pronosticos.gob.mx/) no longer serve IP addresses outside of Mexico. All foreign connections to the site time out.
The campaign was reported by BeepingComputer, a cybersecurity blog. Its researcher Lawrence Abrams commented:
“Once BleepingComputer switched to a VPN using an IP address in Mexico, we were again able to access the sites.”
Hiram Alejandro, the director of information at cybersecurity firm Seekurity confirmed that the websites listed above are only accessible from Mexico’s IP addresses.
It is believed that the Mexican government has blocked the websites of the Lotera Nacional and Pronsticos to prevent the spread of the ransomware attack by Avaddon.
Due to the wide variety of countries where the devices launching distributed denial of service (DDoS) attacks can reside, it is hard to prevent DDoS attacks from happening. The Mexican government has developed an interesting strategy to block off international access to the country’s lottery sites.
This is interesting mitigation that could be performed by a government to prevent a DDoS attack.