Cyber attack causes chaos in Costa Rica government systems

Almost a week into a ransomware attack that has maimed Costa Rican government computer system systems, the country refuses to pay a ransom as it struggles to implement workarounds and braces itself as hackers start publishing stolen informationBy JAVIER CÓRDOBA and CHRISTOPHER SHERMAN Associated PressApril 22, 2022, 4:45 PM – 4 minutes readShare to FacebookShare to TwitterEmail this articleSAN JOSE, Costa Rica– Nearly a week into a ransomware attack that has maimed Costa Rican federal government computer system systems, the country refused to pay a ransom as it struggled to execute workarounds and braced itself as hackers started publishing stolen information.The Russian-speaking Conti gang declared duty for the attack, however the Costa Rican federal government had actually not validated its origin.The Finance Ministry was the very first to report issues Monday. The affiliate assaulting Costa Rica could be anywhere in the world, Liska said.A year back, a Conti ransomware attack forced Irelands health system to shut down its information innovation system, cancelling visits, treatments and surgeries.Last month, Conti promised its services in assistance of Russias intrusion of Ukraine.”My opinion is that this attack is not a cash problem, however rather looks to threaten the nations stability in a transition point,” he said, referring to his outgoing administration and the swearing in of Costa Ricas brand-new president May 8.

Nearly a week into a ransomware attack that has maimed Costa Rican federal government computer systems, the country declines to pay a ransom as it has a hard time to implement workarounds and braces itself as hackers start publishing taken informationBy JAVIER CÓRDOBA and CHRISTOPHER SHERMAN Associated PressApril 22, 2022, 4:45 PM – 4 minutes readShare to FacebookShare to TwitterEmail this articleSAN JOSE, Costa Rica– Nearly a week into a ransomware attack that has actually crippled Costa Rican government computer systems, the nation declined to pay a ransom as it struggled to implement workarounds and braced itself as hackers started releasing taken information.The Russian-speaking Conti gang declared obligation for the attack, but the Costa Rican federal government had actually not confirmed its origin.The Finance Ministry was the very first to report issues Monday. A number of its systems have actually been affected from taxation to importation and exportation processes through the customizeds company. Attacks on the social security firms personnels system and on the Labor Ministry, as well as others followed.The preliminary attack forced the Finance Ministry to shut down for several hours the system accountable for the payment of an excellent part of the nations public employees, which also handles government pension payments. It likewise has had to give extensions for tax payments.Conti had actually not released a specific ransom quantity, but Costa Rica President Carlos Alvarado stated, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million flowed on social networks platforms, however did not appear on Contis site.Costa Rican businesses worried over secret information provided to the federal government that might be published and utilized versus them, while typical people stressed that personal monetary details could be utilized to clear out their bank accounts.Allan Liska, an intelligence analyst with security firm Recorded Future, stated that Conti was pursuing a double extortion: encrypting federal government files to freeze firms capability to function and publishing stolen files to the groups extortion sites on the dark web if a ransom wasnt paid.The first part can typically be conquered if the systems have great backups, but the 2nd is trickier depending on the sensitivity of the taken information, he said.Conti generally rents its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica might be throughout the world, Liska said.A year back, a Conti ransomware attack forced Irelands health system to shut down its info technology system, cancelling consultations, treatments and surgeries.Last month, Conti pledged its services in assistance of Russias invasion of Ukraine. The move outraged cybercriminals sympathetic to Ukraine. It also triggered a security scientist who had long been surveilling Conti to leakage a massive trove of internal interactions amongst some Conti operators.Asked why Central Americas most steady democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska stated the inspiration usually has more to do with weak points. “Theyre searching for particular vulnerabilities,” he stated. “So the most likely explanation is that Costa Rica had a variety of vulnerabilities and one of the ransomware stars found these vulnerabilities and had the ability to exploit it.”Brett Callow, a ransomware expert at Emsisoft, said he took a look at one of the dripped files from the Costa Rican financing ministry and “there doesnt seem to be much doubt that the data is legit.”On Friday, Contis extortion website suggested it had published 50% of the taken data. It said it included more than 850 gigabytes of product from Finance Ministry and other institutions databases. “This is all ideal for phishing, we want our coworkers from Costa Rica great luck in monetizing this data,” it said.That appeared to contradict Alvarados assertion that the attack was not about cash.”My opinion is that this attack is not a money problem, however rather aims to threaten the nations stability in a shift point,” he said, describing his outgoing administration and the swearing in of Costa Ricas brand-new president May 8. “They will not achieve it.”Alvarado did allude to the possibility that the attack was motivated by Costa Ricas public rejection of Russias invasion of Ukraine. “You also cant separate it from the complex international geopolitical circumstance in a digitalized world,” he stated.—- AP author Frank Bajak in Boston contributed to this report. Sherman reported from Mexico City.