Online Gambling Industry Held to Ransomware

Hand holding banknotes to paying the key from hacker to unlock folder after ransomware attack

At this time last year, the world was waking up to a spate of “ransomware” or “malware” attacks as the WannaCry computer worm hit over 230,000 computers in more than  150 countries.

The WannaCry virus, which targeted Microsoft’s Windows operating system, encrypted data and demanded a ransom in the virtual Bitcoin currency.

In the UK, the National Health Service was particularly badly hit and the newspapers were full of stories about hospitals “grinding to a halt” as doctors were “forced to rely on pens and paper”.

But the UK was far from the worst affected country. Russia, Ukraine, India, and Taiwan were reported to have been even more badly hit by the attack.

The problems didn’t end there. WannaCry was followed by NotPetya, a second ransomware attack, and gradually the damage done by the two attacks became apparent.

WannaCry hit hospitals in the US and the operations of FedEx and Nissan were also affected. NotPetya was even more serious: According to a report in the Guardian, Reckitt Benckiser, maker of Nurofen and Dettol among other products, suffered a £100m ($74m) hit due to disruption of production and missed deliveries in several countries. Even worse damage was suffered by the Danish shipping line Maersk, with estimated losses of $300m thanks to the virus, and a subsequent effect on the worldwide shipping industry.

Online gambling worst hit

But now it appears that the industry worst hit by ransomware, malware, and deliberate denial of service (DDoS) attacks wasn’t health, manufacturing, or shipping, but online gambling.

According to the “2017 Global Threat Intelligence Report” by global cyber-resilience company NTT Security, there was a huge rise in ransomware attacks last year. They were up by 350% and the gambling industry was the target of 20% of those attacks, well ahead of healthcare and manufacturing, each of which was targeted by 12% of the attacks.

Gambling sites have long been the top target for DDoS attacks, typically when a network or system is “flooded” with so many requests for service that it cannot cope and crashes, as happened recently with the online poker site America’s Cardroom. Now it appears that ransomware attacks are also targeting the gambling sector.

Why such an attractive target?

The UK-based betting exchange Betfair has long had a reputation for crashing at vital moments in big sporting events. Was this caused by hundreds of thousands of people wanting to place a bet on the Grand National or by something more malicious? We shall never know but the crashes do illustrate why gambling sites will always be prime targets.

The English FA Cup Final between Manchester United and Chelsea, which will attract a worldwide audience of billions, will take place on Saturday, May 19, at 17:15 UK time. The World Cup final will take place on July 15 and the Super Bowl on February 3, 2020.

Perpetrators of ransomware and DDoS attacks know exactly when online betting sites are at their most vulnerable and when they must be online to maximize revenue and profit. Hitting an online bookmaker when Accrington Stanley kicks off against Luton will have minimal impact, but hitting them when the FA Cup Final kicks off will be significant and potentially catastrophic.

How to avoid losses

Most people reading this article will have an account with an online betting company. The sites we bet with or play poker on will unquestionably come under attack in the future. So what can you do to protect yourself against both the loss of your data and the loss of your cash?

First and foremost, remember the old adage, “If it seems too good to be true, it is too good to be true.” Let me give you a simple example. I have an account with Bet365 in the UK. From time to time, Bet365 sends me a bonus; typically, it is a £5 ($7) free bet. Thank you very much and at the weekend my free bet won me £27.50 ($38). But were Bet365 ever to offer me a £50 ($70) free bet, I would rightly be suspicious because my stakes simply do not justify that level of “reward” and I would not click the link to accept it.

Don’t keep too much cash in your accounts. Yes, it’s great to log on and see a healthy balance; who doesn’t like to be reminded of how astute they are? And yes, there are many safeguards in place to protect your cash. But why take the risk?

Be aware of “phishing” expeditions: “There’s a problem with your account and you just need to log on using this link and verify your account details.” We have all received e-mails like that; they are virtually never genuine.

Lastly, have a proper password: the name of your youngest child followed by her birthday is not adequate. You may love her dearly, but a hacker will have tried Emma19 within five minutes of rolling out of bed.

Taking those steps may still not make you 100% secure. We do get tired, we do get distracted, and sometimes we all click on things we should not click on. But a few simple precautions can go a long way. Sadly we are never going to return to the days when burglars and bank robbers wore masks and stripy jumpers and carried a sack helpfully labeled “swag.”