Cyber Incident Victim: SBTech
Date:
Mar 2020
Location:
United States of America
Summary
A sports betting and lottery provider experienced a ransomware attack that forced the shutdown of its global data centers, causing a prolonged outage unprecedented in the online gaming industry. Several US-regulated gambling platforms relying on its software remained offline, preventing customer access to funds, while European partners and a state lottery app resumed services earlier. The incident occurred weeks before the company's planned merger with DraftKings, prompting its parent entity to allocate $30 million in cash and stock for potential litigation, with further financial safeguards if claims exceeded that amount. The extended disruption suggested the company resisted ransom demands amid merger negotiations, leading to postponed shareholder meetings but an expected completion of the deal.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 27, 2020, sports betting and lottery technology provider SBTech suffered a cyberattack that forced the shutdown of its global data centers. The incident was identified as a ransomware attack involving cryptoviral extortion, where attackers encrypted files to render systems inaccessible until demands were met. This caused prolonged service disruptions across SBTech's client operations, marking an unprecedented outage duration for the online gambling industry. By April 9, nearly two weeks post-attack, several US-based operators remained offline, including Churchill Downs’ BetAmerica platform, which relied entirely on SBTech’s software for sports betting and casino services. The Golden Nugget and Resorts Atlantic City’s online sports betting operations were also still inoperative, leaving customers unable to access their accounts or funds. In contrast, European partners like MansionBet and the Oregon Lottery’s Scoreboard app had resumed operations by this time, indicating a staggered recovery process. The attack coincided with SBTech’s pending merger with Diamond Eagle Acquisition Corp (DEAC) to form DraftKings, scheduled for completion in April 2020.
SBTech’s response involved resisting ransom demands and working to restore systems, evidenced by the incremental reactivation of services and the extended two-week outage period. DEAC responded to the incident by amending merger terms, requiring SBTech to allocate $30 million in cash and stock to cover potential litigation claims. An SEC filing disclosed that if claims exceeded this amount, DEAC could access an additional $70 million from escrowed funds, with further liabilities falling to SBTech’s existing owners, including majority shareholder Shalom McKenzie. The merger vote, originally set for April 9, was postponed by one week due to the incident, though sources indicated the deal remained on track to close as planned. The attack’s timing ahead of the merger closure suggested perpetrators may have targeted SBTech believing financial pressures would compel ransom payment, but the company’s operational disruptions and DEAC’s financial safeguards demonstrated the incident’s material impact on business continuity and contractual obligations.