Ransomware Attack Disrupts Popular Sports Gambling Sites

On May 14, 2018, the Supreme Court lifted the federal ban on sports gambling.  Since then, twenty-two states, as well as Washington D.C. have allowed, or plan to allow, sports gambling to take place in some form (Pennsylvania being one of them).  If you live in a state like Pennsylvania, you are able to wager through mobile apps.  FanDuel and Draftkings are the two biggest providers of mobile gambling.  These sites have also run daily fantasy sports contests long before 2018. 

If you were using these sites to place bets or play in any of their daily fantasy contests the weekend of 10/9/2020, you may have noticed that stats and scores for games were not updating.  This is because the stat provider, Stats Perform, was hit with ransomware.  Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.  Stats Perform spent a week rebuilding their servers and had issues leak into a second week as well.

The outage did not just affect those two sites.  It caused disruptions in other fantasy sites around the country.  Live scoring and stats updates for some sites without backup plans were down for around 10 days.  Stats Perform did not respond to multiple requests to comment from website US Bets, nor offered any public statement since the outage. They have made just one post on their twitter account since the incident, promoting an upcoming webinar for its AI in Sport Series. 

This outage has highlighted a multitude of cybersecurity issues that can take place for companies, especially technology driven companies.  An organization needs to be ready for an attack like this.  Proper incident management preparation can help in cases with Ransomware and other cyber-attacks.  While proper cyber hygiene measures should be taken to try to prevent such attacks, companies need to be ready to respond in a swift and strong manor when an incident occurs. 

As for the companies who were affected by the outage, this spotlights potential issues with disaster recovery and third party risk management.  Organizations should always have backup plans and redundancies in place to be prepared when an outage like this occurs.  If there is an IT disruption within an organization, they should always be prepared and have disaster recovery procedures in place to limit outages.  Companies should also be evaluating all third parties to understand the likelihood and impact of breaches and outages with their vendors.

Schneider Downs offers a number of services to help organizations with business continuity and disaster planning, and third party risk management through our IT Audit and Cybersecurity practices. Learn more about our services with the links below.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected]

In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
How To Scope a SOC 2 Audit
Do I Need a SOC 2 Type 1 Before a SOC 2 Type 2?
Why Do CPA Firms Perform SOC 2 Audits?
What Financial Institutions Need to Know About R-SAT
Fact or Fiction: SOC 2
Cybersecurity BY Gary Muggli
NIST Introduces NISTIR 8374 to Tackle Ransomware Risk Management
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us
Map of Pittsburgh Office
Pittsburgh

One PPG Place, Suite 1700
Pittsburgh, PA 15222

[email protected]
p:412.261.3644     f:412.261.4876

Map of Columbus Office
Columbus

65 East State Street, Suite 2000
Columbus, OH 43215

[email protected]
p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102

[email protected]
p:571.380.9003

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×