Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



Ohio Lottery Hit by Ransomware, Hackers Claim Theft of Employee and Player Data

The DragonForce ransomware group has taken credit for the Ohio Lottery hack, claiming to have stolen millions of data records.

The Ohio Lottery has confirmed being targeted in a cyberattack and a ransomware group claims to have stolen a significant amount of information from the organization’s systems.

The Ohio state lottery informed customers on its website that it has experienced a “cybersecurity event”. The organization assured the public that its gaming system is fully operational, but said it decided to shut down some key systems to contain the incident. 

Tickets can still be purchased, but winning numbers and jackpots for some games are not available on the Ohio Lottery website and mobile app. In addition, the mobile cashing app and Super Retailer locations are not cashing prizes greater than $599 as a result of the incident. 

A seemingly new ransomware group named DragonForce took credit for the attack on December 27. 

The hackers claim to have stolen more than 600 Gb of data from the Ohio Lottery, including databases storing over three million records associated with employees and players. The data allegedly includes names, email and postal addresses, winnings, dates of birth, and social security numbers. 

The cybercriminals published several screenshots to demonstrate their claims. They are threatening to make all the stolen data public in three days, suggesting that the Ohio Lottery is not willing to pay the demanded ransom. 

DragonForce’s leak website currently lists 21 victims. The group has become one of the most active ransomware gangs. 

Related: Ransomware Group Claims 100 Gb of Data Stolen From Nissan

Related: BlackCat Strikes Back: Ransomware Gang “Unseizes” Website, Vows No Limits on Targets

Advertisement. Scroll to continue reading.

Related: Inmate, Staff Information Stolen in Rhode Island Prison Data Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.


Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.