Cyberattack causes chaos in gov’t systems
SAN JOSE, Costa Rica (AP):
Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.
The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.
The finance ministry was the first to report problems Monday. A number of its systems have been affected, from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the labor ministry, as well as others, followed.
The initial attack forced the finance ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.
Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said: “The Costa Rican state will not pay anything to these cybercriminals.” A figure of US$10 million circulated on social-media platforms, but did not appear on Conti’s site.
Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.
Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files to the group’s extortion sites on the dark web, if a ransom wasn’t paid.
The first part can often be overcome if the systems have good backups, but the second is trickier, depending on the sensitivity of the stolen data, he said.
Conti typically rents out its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica could be anywhere in the world, Liska said.
A year ago, a Conti ransomware attack forced Ireland’s health system to shut down its information technology system, cancelling appointments, treatments and surgeries.
Last month, Conti pledged its services in support of Russia’s invasion of Ukraine. The move angered cybercriminals sympathetic to Ukraine. It also prompted a security researcher who had long been surveilling Conti to leak a massive trove of internal communications among some Conti operators.

