KazPost

Kazakhstan News
Tuesday, Mar 28, 2023

Cyber attack causes chaos in Costa Rica government systems

Cyber attack causes chaos in Costa Rica government systems

Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.
The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.

Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.

Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics. He described a race against the clock for perishable items waiting in cold storage and said they still didn’t have an estimate for the economic losses. Trade was still moving, but much more slowly.

“Some borders have delays because they’re doing the process manually,” Rucavado said. “We have asked the government for various actions like expanding hours so they can attend to exports and imports.”

He said normally Costa Rica exports a daily average of $38 million in products.

Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files to the group’s extortion sites on the dark web if a ransom wasn’t paid.

The first part can often be overcome if the systems have good backups, but the second is trickier depending on the sensitivity of the stolen data, he said.

Conti typically rents out its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica could be anywhere in the world, Liska said.

A year ago, a Conti ransomware attack forced Ireland’s health system to shut down its information technology system, cancelling appointments, treatments and surgeries.

Last month, Conti pledged its services in support of Russia’s invasion of Ukraine. The move angered cybercriminals sympathetic to Ukraine. It also prompted a security researcher who had long been surveilling Conti to leak a massive trove of internal communications among some Conti operators.

Asked why Central America’s most stable democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska said the motivation usually has more to do with weaknesses. “They’re looking for specific vulnerabilities,” he said. “So the most likely explanation is that Costa Rica had a number of vulnerabilities and one of the ransomware actors discovered these vulnerabilities and was able to exploit it.”

Brett Callow, a ransomware analyst at Emsisoft, said he looked at one of the leaked files from the Costa Rican finance ministry and “there doesn’t seem to be much doubt that the data is legit.”

On Friday, Conti’s extortion site indicated it had published 50% of the stolen data. It said it included more than 850 gigabytes of material from Finance Ministry and other institutions’ databases. “This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetizing this data,” it said.

That seemed to contradict Alvarado’s assertion that the attack was not about money.

“My opinion is that this attack is not a money issue, but rather looks to threaten the country’s stability in a transition point,” he said, referring to his outgoing administration and the swearing in of Costa Rica’s new president May 8. “They will not achieve it.”

Alvarado did allude to the possibility that the attack was motivated by Costa Rica’s public rejection of Russia’s invasion of Ukraine. “You also can’t separate it from the complex global geopolitical situation in a digitalized world,” he said.
Newsletter

Related Articles

KazPost
Close
0:00
0:00
AOC explains why she opposes banning TikTok
Singapore’s Prime Minister says China and US need to stabilize relations because world can't afford a confict between the two superpowers
Gordon Moore, a co-founder of Intel Corporation, died at 94
Powell: Silicon Valley Bank was an 'outlier'
Donald Trump arrested – Twitter goes wild with doctored pictures
NYPD is setting up barricades outside Manhattan Criminal Court ahead of Trump arrest.
Credit Suisse's Scandalous History Resulted in an Obvious Collapse - It's time for regulators who fail to do their job to be held accountable and serve as an example by being behind bars.
Paris Rioting vs Macron anti democratic law
'Sexual Fantasy' Assignment At US School Outrages Parents
Orbán Viktor: the restructuring of the power relations in the whole of Europe is taking place
Credit Suisse to borrow $54 billion from Swiss central bank
Russian Hackers Preparing New Cyber Assault Against Ukraine
"Will Fly Wherever International Law Allows": US Warns Russia After Drone Incident
China is calling out the US, UK, and Australia on their submarine pact, claiming they are going further down a dangerous road
A brief banking situation report
We are witnessing widespread bank fails and the president just gave a 5 min speech then walked off camera.
Donald Trump's asked by Tucker Carlson question on if the U.S. should support regime change in Russia?.
Elon Musk Is Planning To Build A Town In Texas For His Employees
The Silicon Valley Bank’s collapse effect is spreading around the world, affecting startup companies across the globe
City officials in Berlin announced on Thursday that all swimmers at public pools will soon be allowed to swim topless
Fitness scam
Market Chaos as USDC Loses Peg to USD after $3.3 Billion Reserves Held by Silicon Valley Bank Closed.
Banking regulators close SVB, the largest bank failure since the financial crisis
Silicon Valley Bank: Struggles Threaten Tech Startup Ecosystem"
The unelected UK Prime Minister Rishi Sunak, an immigrant himself, defends new controversial crackdown on illegal migration
Man’s penis amputated by mistake after he’s wrongly diagnosed with a tumour
In a major snub to Downing Street's Silicon Valley dreams, UK chip giant Arm has dealt a serious blow to the government's economic strategy by opting for a US listing
It's the question on everyone's lips: could a four-day workweek be the future of employment?
Is Gold the Ultimate Safe Haven Asset in Times of Uncertainty?
Corruption and Influence Buying Uncovered in International Mainstream Media: Investigation Reveals Growing Disinformation Mercenaries
European MP Clare Daly condemns US attack on Nord Stream
Kamala Harris: "The United States has formally determined that Russia has committed crimes against humanity."
US Joins 15 NATO Nations in Largest Space Data Collection Initiative in History
White House: No ETs over the United States
U.S. Jet Shoots Down Flying Object Over Canada
Nord Stream terror attack: David Sacks breaks down Sy Hersh's story
Being a Tiktoker might be expensive…
SpaceX, the private space exploration company, made a significant breakthrough in their mission to reach space.
China's top tech firms, including Alibaba, Tencent, Baidu, NetEase, and JD.com, are developing their own versions of Open AI's AI-powered chatbot, ChatGPT
This shocking picture, showing how terrible is the results of the earthquake in Turkey
The desk of King Carlos Alberto of Sardinia has many secret compartments
Today's news from Britain - 9th February 2023
The five largest oil companies in the West generated combined profits of nearly $200 billion in 2022, which has led to increased calls for governments to impose tougher windfall taxes
2 earthquakes in Turkey killed over 2,300 people
Turkish photographer Ugur Gallenkus portrays two different worlds within a single image. Brilliant work
Charlie Munger, calls for a ban on cryptocurrencies in the US, following China's lead
EU found a way to use frozen Russian funds
First generation unopened iPhone set to fetch more than $50,000 at auction.
WARNING GRAPHIC CONTENT - US Memphis Police murdering innocent Tyre Nichols
Almost 30% of professionals say they've tried ChatGPT at work
×