Russian hacking cyberattack, Conti ransomware attacks Costa Rica government

The government says hackers who said they worked for Conti broke into Costa Rica's Ministry of Finance. From there, the ransomware spread to other agencies.
Costa Rican government agencies are being attacked by a group of Russian hackers.

A group of Russian hackers attacked the government of Costa Rica in a very unusual way. So far, the attack has stopped tax collection and exports for more than a month and caused the country to declare a state of emergency.

The attack, which started on April 12, was blamed on the Russian ransomware group Conti, which has threatened to release the stolen information unless it is paid $20 million. Experts who follow Conti's movements say that the group has recently started to shift its focus from the U.S. and Europe to countries in Central and South America. They think this is to get back at countries that have helped Ukraine.

Some experts also think that Conti was afraid of a crackdown by the US and was looking for new targets, no matter what their politics were. According to estimates from the Federal Bureau of Investigation, the group is behind more than 1,000 ransomware attacks around the world that have brought in more than $150 million.

Juan Andres Guerrero-Saade, a principal threat researcher at SentinelOne, said, "The ransomware cartels figured out that multinationals in the U.S. and Western Europe are less likely to blink if they need to pay some ungodly sum to get their business running again." "But you're going to run out of room at some point."

No matter what caused the change, the hack showed that Conti was still acting aggressively, even though some people thought the gang might break up after it was hacked in the early days of Russia's war on Ukraine. After the invasion, the criminal group said it would back Russia. It usually goes after businesses and local government agencies, breaking into their systems, encrypting their data, and demanding a ransom to get it back.

Brett Callow, a threat analyst at Emsisoft, said that the hacking in Costa Rica "could be the most important ransomware attack to date."

"This is the first time I can think of that a ransomware attack led to a national emergency," he said.

Costa Rica said that it was not going to pay the ransom.

The hacking campaign happened after the election for president of Costa Rica, and it was quickly used as a political weapon. In its first official news releases, the previous government played down the attack, calling it a "technical problem" to give the impression of stability and calm. But Rodrigo Chaves, the new president, started his job by declaring a national emergency.

During a news conference on Monday, Mr. Chaves said, "We are at war." He said that the ransomware attack had hurt 27 government agencies, nine of them badly.

According to Mr. Chaves's office, the attack began on April 12 when hackers who said they worked for Conti broke into Costa Rica's Ministry of Finance, which is in charge of the country's tax system. The government said this month that the ransomware spread from there to other agencies that deal with technology and communications.

Two former Ministry of Finance employees who were not allowed to talk to the press said that hackers were able to get into taxpayers' information and stop Costa Rica from collecting taxes. This caused the agency to have to shut down some databases and use a system that is almost 15 years old to store money from its biggest taxpayers. Most of the country's tax money comes from a small group of about a thousand big taxpayers. This means that Costa Rica can keep collecting taxes.

The country also depends on exports, but the cyberattack meant that customs agents could only do their jobs on paper. While the investigation and recovery are going on, Costa Rican taxpayers can't use online services to file their tax returns. Instead, they have to go to a bank and do it in person.

Mr. Chaves previously worked for the World Bank and served as finance minister. He has promised to change the way politics work. In response to the cyberattack, his government declared a state of emergency this month, saying that it was "unprecedented in the country."

In its emergency declaration, Mr. Chaves's government said, "We are facing a situation of unavoidable disaster, of public calamity and internal and abnormal commotion that the government cannot control without extraordinary measures."

The government said that because of the state of emergency, agencies can move more quickly to fix the problem. But cybersecurity experts said it could take months to get some of the data back, and the government might never get all of its data back. Researchers say that the government may have backups of some of the information it has on taxpayers, but it would take some time for those backups to become available online, and the government would first have to make sure Conti no longer has access to its systems.

Even when a ransom is paid, Conti and other ransomware groups have been known to hold on to the data.

Mr. Callow said, "They could lose all of their data permanently if they don't pay the ransom, which they have said they don't plan to do, or if they don't have backups that will let them get their data back."

When Costa Rica didn't pay the ransom, Conti started threatening to leak its data online by posting some files it said contained stolen information.

"You can't look at the decisions made by the government of Costa Rica's president without seeing irony," the group wrote on its website. "If they had paid, none of this would have happened."

On Saturday, Conti raised the stakes by saying that if it didn't get paid in a week, it would delete the keys to get the data back.

"The part of the attack that really hurts governments, intelligence agencies, and diplomatic circles isn't the ransomware. It's the data leak," SentinelOne's Mr. Guerrero-Saade said. "You're in a situation where someone else probably has access to very sensitive information."

The breach, along with other attacks by Conti, led the U.S. State Department and the government of Costa Rica to offer a $10 million reward to anyone who could help find the key leaders of the hacking group.

Ned Price, a spokesman for the State Department, said in a statement, "The group used ransomware to attack the government of Costa Rica, which disrupted the country's customs and tax platforms and had a big effect on its foreign trade." "By offering this reward, the United States shows that it wants to keep cybercriminals from taking advantage of potential ransomware victims around the world."
