Cyber attack causes chaos in Costa Rica government systems

Apr 21, 2022, 9:45 PM | Updated: Apr 22, 2022, 11:49 am

SAN JOSE, Costa Rica (AP) — Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.

The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.

Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.

Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics. He described a race against the clock for perishable items waiting in cold storage and said they still didn’t have an estimate for the economic losses. Trade was still moving, but much more slowly.

“Some borders have delays because they’re doing the process manually,” Rucavado said. “We have asked the government for various actions like expanding hours so they can attend to exports and imports.”

He said normally Costa Rica exports a daily average of $38 million in products.

Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files to the group’s extortion sites on the dark web if a ransom wasn’t paid.

The first part can often be overcome if the systems have good backups, but the second is trickier depending on the sensitivity of the stolen data, he said.

Conti typically rents out its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica could be anywhere in the world, Liska said.

A year ago, a Conti ransomware attack forced Ireland’s health system to shut down its information technology system, cancelling appointments, treatments and surgeries.

Last month, Conti pledged its services in support of Russia’s invasion of Ukraine. The move angered cybercriminals sympathetic to Ukraine. It also prompted a security researcher who had long been surveilling Conti to leak a massive trove of internal communications among some Conti operators.

Asked why Central America’s most stable democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska said the motivation usually has more to do with weaknesses. “They’re looking for specific vulnerabilities,” he said. “So the most likely explanation is that Costa Rica had a number of vulnerabilities and one of the ransomware actors discovered these vulnerabilities and was able to exploit it.”

Brett Callow, a ransomware analyst at Emsisoft, said he looked at one of the leaked files from the Costa Rican finance ministry and “there doesn’t seem to be much doubt that the data is legit.”

On Friday, Conti’s extortion site indicated it had published 50% of the stolen data. It said it included more than 850 gigabytes of material from Finance Ministry and other institutions’ databases. “This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetizing this data,” it said.

That seemed to contradict Alvarado’s assertion that the attack was not about money.

“My opinion is that this attack is not a money issue, but rather looks to threaten the country’s stability in a transition point,” he said, referring to his outgoing administration and the swearing in of Costa Rica’s new president May 8. “They will not achieve it.”

Alvarado did allude to the possibility that the attack was motivated by Costa Rica’s public rejection of Russia’s invasion of Ukraine. “You also can’t separate it from the complex global geopolitical situation in a digitalized world,” he said.

__

AP writer Frank Bajak in Boston contributed to this report. Sherman reported from Mexico City.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

Arby's - LEHI, UT - OCTOBER 26: Exterior view of an Arby's restaurant on October 26, 2017 in Lehi, ...
Associated Press

Ex-Arby’s manager in Vancouver, Wash. sentenced after urinating in milkshake mix

A former manager at an Arby’s restaurant admitted to possessing child pornography and urinated into a milkshake mix
13 hours ago
Associated Press

California woman charged with killing man over cat dispute

SANTA ANA, Calif. (AP) — Authorities have charged a California woman with killing a man by ramming her car into him after accusing him of trying to run over a cat in the street. Hannah Star Esser, 20, was charged with one count of murder in the death of 43-year-old Luis Anthony Victor and detained […]
13 hours ago
Associated Press

3 in Texas charged with trying to smuggle migrants by air

MCALLEN, Texas (AP) — Three people have been arrested and accused of trying to transport smuggled migrants into the interior of the United States by air, bypassing Border Patrol checkpoints, according to court records. Court documents show that James Martinez, Luis Armando Lopez-Alvarado and Desiree Love Rodarte were charged with human smuggling and human smuggling […]
13 hours ago
Associated Press

Judge: R. Kelly to pay $300,000 to victim in sex crimes case

NEW YORK (AP) — A federal judge signaled Wednesday that she plans to order disgraced R&B superstar R. Kelly to pay more than $300,000 to one his victims in a decades-long scheme to use his fame to sexually abuse young fans. A restitution order by U.S. District Judge Ann Connelly that was still being finalized […]
13 hours ago
Associated Press

UN envoy: Israel defies UN resolution on halting settlements

UNITED NATIONS (AP) — Israel continued its defiance of a 2016 U.N. Security Council resolution demanding an immediate halt to all settlement activity in lands the Palestinians want for their future state, advancing plans for construction of nearly 2,000 housing units in the last three months, the U.N. Mideast envoy said Wednesday. Tor Wennesland told […]
13 hours ago
A commercial building sits empty in Sacramento, Calif., Thursday, Sept. 22, 2022. Two new laws in C...
Associated Press

California governor signs laws to boost housing production

SACRAMENTO, Calif. (AP) — They’ve become a familiar sight along the wide commercial corridors of America — empty buildings once filled by big retailers who have closed their doors, in part because many of their customers shop online. Now, two new laws in California would let developers build housing on that land and largely prevent […]
13 hours ago

Sponsored Articles

Anacortes Christmas Tree...

Come one, come all! Food, Drink, and Coastal Christmas – Anacortes has it all!

Come celebrate Anacortes’ 11th annual Bier on the Pier! Bier on the Pier takes place on October 7th and 8th and features local ciders, food trucks and live music - not to mention the beautiful views of the Guemes Channel and backdrop of downtown Anacortes.
Swedish Cyberknife Treatment...

The revolutionary treatment of Swedish CyberKnife provides better quality of life for majority of patients

There are a wide variety of treatments options available for men with prostate cancer. One of the most technologically advanced treatment options in the Pacific Northwest is Stereotactic Body Radiation Therapy using the CyberKnife platform at Swedish Medical Center.
Work at Zum Services...

Seattle Public Schools announces three-year contract with Zum

Seattle Public Schools just announced a three-year contract with a brand-new company to the Pacific Northwest to assist with their student transportation: Zum.
Swedish Cyberknife 900x506...

June is Men’s Health Month: Here’s Why It’s Important To Speak About Your Health

According to the Centers for Disease Control and Prevention, men in the United States, on average, die five years earlier than women.
...

Anacortes – A Must Visit Summertime Destination

While Anacortes is certainly on the way to the San Juan Islands (SJI), it is not just a destination to get to the ferry… Anacortes is a destination in and of itself!
...

Ready for your 2022 Alaskan Adventure with Celebrity Cruises?

Celebrity Cruises SPONSORED — A round-trip Alaska cruise from Seattle is an amazing treat for you and a loved one. Not only are you able to see and explore some of the most incredible and visually appealing natural sights on the planet, but you’re also able to relax and re-energize while aboard a luxury cruise […]
Cyber attack causes chaos in Costa Rica government systems