Cyber attack causes chaos in Costa Rica government systems

Apr 22, 2022, 9:45 AM | Updated: 10:15 am

SAN JOSE, Costa Rica (AP) — Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.

The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.

Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.

Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files to the group’s extortion sites on the dark web if a ransom wasn’t paid.

The first part can often be overcome if the systems have good backups, but the second is trickier depending on the sensitivity of the stolen data, he said.

Conti typically rents out its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica could be anywhere in the world, Liska said.

A year ago, a Conti ransomware attack forced Ireland’s health system to shut down its information technology system, cancelling appointments, treatments and surgeries.

Last month, Conti pledged its services in support of Russia’s invasion of Ukraine. The move angered cybercriminals sympathetic to Ukraine. It also prompted a security researcher who had long been surveilling Conti to leak a massive trove of internal communications among some Conti operators.

Asked why Central America’s most stable democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska said the motivation usually has more to do with weaknesses. “They’re looking for specific vulnerabilities,” he said. “So the most likely explanation is that Costa Rica had a number of vulnerabilities and one of the ransomware actors discovered these vulnerabilities and was able to exploit it.”

Brett Callow, a ransomware analyst at Emsisoft, said he looked at one of the leaked files from the Costa Rican finance ministry and “there doesn’t seem to be much doubt that the data is legit.”

On Friday, Conti’s extortion site indicated it had published 50% of the stolen data. It said it included more than 850 gigabytes of material from Finance Ministry and other institutions’ databases. “This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetizing this data,” it said.

That seemed to contradict Alvarado’s assertion that the attack was not about money.

“My opinion is that this attack is not a money issue, but rather looks to threaten the country’s stability in a transition point,” he said, referring to his outgoing administration and the swearing in of Costa Rica’s new president May 8. “They will not achieve it.”

Alvarado did allude to the possibility that the attack was motivated by Costa Rica’s public rejection of Russia’s invasion of Ukraine. “You also can’t separate it from the complex global geopolitical situation in a digitalized world,” he said.

__

AP writer Frank Bajak in Boston contributed to this report. Sherman reported from Mexico City.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

FILE - A Northwell Health registered nurse fills a syringe with a COVID-19 vaccine at a pop up vacc...
Associated Press

Tweaked COVID boosters in US must target newer omicron types

U.S. regulators told COVID-19 vaccine makers Thursday that any booster shots tweaked for the fall will have to add protection against the newest omicron relatives. The Food and Drug Administration said the original vaccines would be used for anyone still getting their first series of shots. But with immunity waning and the super-contagious omicron family […]
10 hours ago
FILE - A man from Nicaragua sits at a shelter for migrants, April 21, 2022, in Tijuana, Mexico. The...
Associated Press

Supreme Court: Biden properly ended Trump-era asylum policy

WASHINGTON (AP) — The Supreme Court ruled on Thursday that the Biden administration properly ended a Trump-era policy forcing some U.S. asylum-seekers to wait in Mexico. The justices’ 5-4 decision for the administration came in a case about the “Remain in Mexico” policy under President Donald Trump. Chief Justice John Roberts wrote the decision and […]
10 hours ago
Associated Press

Cyberattack disrupts unemployment benefits in some states

NASHVILLE, Tenn. (AP) — A cyberattack on a software company has disrupted unemployment benefits and job seeking assistance for thousands of people in several states. In Tennessee, the website for unemployment benefits remained down Thursday morning after the vendor, Geographic Solutions Inc., told the state Sunday that service would be interrupted. Some 12,000 Tennesseans rely […]
10 hours ago
Security works outside of the Supreme Court, Thursday, June 30, 2022, in Washington. (AP Photo/Jacq...
Associated Press

Supreme Court says several gun cases deserve a new look

WASHINGTON (AP) — The Supreme Court said Thursday that gun cases involving restrictions in Hawaii, California, New Jersey and Maryland deserve a new look following its major decision in a gun case last week. In light of last week’s ruling — which said that Americans have a right to carry a gun outside the home […]
10 hours ago
Associated Press

Man suspected of shooting 2 Alabama deputies captured

CENTREVILLE, Ala. (AP) — A man suspected of shooting two Alabama deputies, critically wounding one of them, has been captured, a prosecutor said. District Attorney Michael Jackson said Austin Hall,26, was captured in the same county where the shooting occurred. The shooting happened Wednesday afternoon in Bibb County. Two deputies were chasing a suspect in […]
10 hours ago
Associated Press

Mary J. Blige is next artist in Apple Music concert series

NEW YORK (AP) — Mary J. Blige’s 2022 is going pretty well. Her new album landed in the top 10 of Billboard’s R&B/Hip-Hop Albums chart, and she was featured at the Super Bowl halftime show. Now she’s been tapped for a concert like no other. Blige will host a one-night-only live performance to celebrate her […]
10 hours ago

Sponsored Articles

...
Day & Night Air Conditioning, Heating and Plumbing

Most plumbing problems can be fixed with regular maintenance

Instead of waiting for a problem to happen, experts suggest getting a head start on your plumbing maintenance.
...
Day & Night Air

Tips to lower your energy bill in the Arizona heat

Does your summer electric bill make you groan? Are you looking for effective ways to reduce your bill?
...
Christina O’Haver

BE FAST to spot a stroke

Every 40 seconds—that’s how often someone has a stroke in the United States. It’s the fifth leading cause of death among Americans, with someone dying of a stroke every 3.5 minutes.
Cyber attack causes chaos in Costa Rica government systems