Mexico Walls Off National Lottery Sites After Ransomware DDoS Threat
Access to Mexico’s Lotería Nacional and Pronósticos lottery websites are now blocked to IP addresses outside of Mexico after a ransomware gang threatened to perform denial of service attacks.
Lotería Nacional is the government-run national lottery system of Mexico, operating under Mexico’s Ministry of Finance. Pronósticos is the program made by Loteria Nacional where Mexicans can bet on games of chance or sports.
Yesterday, the Avaddon ransomware operation stated that they successfully conducted an attack on ‘Pronosticos Deportivo,’ where they claim to have stolen data and then encrypted the devices. The ransomware gang also threatened to release more documents and to DDoS the victim’s website if negotiations did not begin within 240 hours.
As part of this announcement, the ransomware gang leaked screenshots of what they claim are documents stolen during the attack whose letterhead is for Lotería Nacional and Pronósticos.
Lotería Nacional and Pronósticos sites walled off
When we learned of this alleged attack last night, we could access the site Lotería Nacional (https://www.lotenal.gob.mx/) and Pronósticos (https://www.pronosticos.gob.mx/).https://www.ad-sandbox.com/static/html/sandbox.html
However, today, these sites are no longer accessible to IP addresses outside of Mexico, and connections to the site will now time out, as shown below.
Once BleepingComputer switched to a VPN using an IP address in Mexico, we were again able to access the sites.
It is believed that the Mexican government has intentionally walled off the Lotería Nacional and Pronósticos websites to prevent the distributed denial of service (DDoS) attacks by the Avaddon ransomware gang.
As DDoS attacks are usually conducted from devices worldwide, it is hard to mitigate them due to the wide and varied legal jurisdiction of the countries where these devices reside. By blocking international access to the Mexican lottery sites, the government can effectively mitigate the attacks and easily block any devices in Mexico that may be part of the attack.
If so, this is an interesting mitigation to a DDoS attack that BleepingComputer has not seen performed in the past by a government.