Website of the Ministry of Finance showing a static message advising of the work to restore service as a result of the attack.
Location
Costa Rica
Date
April 17, 2022
Attack type
Cyberattack
Weapon
Ransomware
Perpetrators
Conti ransomware group, Hive ransomware group
Beginning on the night (UTC-6:00) of April 17, 2022, a ransomware attack began against nearly 30 institutions of the government of Costa Rica, including its Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute, state internet service provider RACSA, the Costa Rican Social Security Fund (Caja Costarricense de Seguro Social, CCSS), the Ministry of Labor and Social Security [es], the Fund for Social Development and Family Allowances, and the Administrative Board of the Municipal Electricity Service of Cartago.[1][2]
The pro-Russian Conti Group claimed the first group of attacks and demanded a US$10 million ransom in exchange for not releasing the information stolen from the Ministry of Finance, which could include sensitive information such as citizens' tax returns and companies operating in Costa Rica.[3][4][5]
As a consequence, the government had to shut down the computer systems used to declare taxes and for the control and management of imports and exports, causing losses to the productive sector on the order of US$30 million per day.[6][7] Likewise, the web pages of the Ministry of Science, Innovation, Technology and Telecommunications were removed from the network.
Costa Rica required technical assistance from the United States, Israel, Spain, and Microsoft, among others, to deal with the cyber attack. The attack consisted of infections of computer systems with ransomware, defacement of web pages, theft of email files and attacks on the Social Security human resources portal, as well as on its official Twitter account.[8][9]
On May 6, 2022, the United States government through the FBI offered a US$10 million reward for information leading to the identification of a person or persons in a leadership position within the Conti Group, and an additional US$5 million for information leading to the capture or conviction, in any country, of individuals who aided or conspired to carry out Conti ransomware attacks.[10][11]
On May 8, 2022, the new president of Costa Rica, Rodrigo Chaves Robles, decreed a state of national emergency due to cyber attacks, considering them an act of terrorism. Days later, at a press conference, he stated that the country was in a state of war[12][13] and that there was evidence that people inside Costa Rica were helping Conti, calling them "traitors" and "filibusters".[14][15]
On May 31, 2022, at dawn, the Hive Ransomware Group carried out an attack against the Costa Rican Social Security Fund, forcing the institution to turn off all of its critical systems, including the Unique Digital Health File and the Centralized Collection System.[16][17] The former stores sensitive medical information of patients using Social Security, while the latter is used to collect the population's insurance fees.[18]
^"Hacienda, Micitt, IMN, Racsa y CCSS atacados por 'hackers', confirma Gobierno". La Nación (in Spanish). Archived from the original on June 1, 2022. Retrieved June 7, 2022.
^"Portal de Recursos Humanos de CCSS sufre ataque cibernético". La Nación (in Spanish). Archived from the original on June 6, 2022. Retrieved June 7, 2022.
^"Gobierno confirma que 'Conti' exige $10 millones de "rescate"". Teletica. April 20, 2022. Archived from the original on May 14, 2022. Retrieved June 7, 2022.
^""En la dark web sí se realizó una publicación que pide $10 millones de, aparentemente, Conti Group"". delfino.cr (in Spanish). Archived from the original on April 21, 2022. Retrieved June 7, 2022.
^"Conti amenaza con revelar datos internos de Hacienda y base de contribuyentes". CRHoy.com (in Spanish). Archived from the original on June 9, 2022. Retrieved June 7, 2022.
^"Costa Rica reporta pérdidas por $125 millones por caos en aduanas". www.larepublica.net (in Spanish). Archived from the original on June 7, 2022. Retrieved June 7, 2022.
^"Importaciones están paralizadas debido a hackeo de Hacienda". CRHoy.com (in Spanish). Archived from the original on April 20, 2022. Retrieved June 7, 2022.
^Hidalgo, Kristin. "Vulneran cuenta de Twitter de la CCSS y publican contenido ajeno a la institución". ameliarueda.com (in Spanish). Archived from the original on April 19, 2022. Retrieved June 7, 2022.
^"¡Atacan de nuevo! Hackean cuenta de Twitter de la CCSS". CRHoy.com (in Spanish). Archived from the original on April 19, 2022. Retrieved June 7, 2022.
^"EE. UU. ofrece $10 millones de recompensa por información sobre líderes de Conti Group". delfino.cr (in Spanish). Archived from the original on May 6, 2022. Retrieved June 7, 2022.
^"EE. UU. ofrece recompensa por hackers tras ataque a Costa Rica". Deutsche Welle (in European Spanish). May 7, 2022. Archived from the original on May 15, 2022. Retrieved June 7, 2022.
^""Estamos en guerra": 5 claves para entender el ciberataque que tiene a Costa Rica en estado de emergencia". BBC News Mundo (in Spanish). Archived from the original on June 3, 2022. Retrieved June 7, 2022.
^"Costa Rica declara el estado de emergencia por el ciberataque de Conti". derechodelared.com (in Spanish). May 9, 2022. Archived from the original on May 31, 2022. Retrieved June 7, 2022.
^"(Video) Rodrigo Chaves: "Conti tiene filibusteros en Costa Rica"". www.larepublica.net (in Spanish). Archived from the original on June 8, 2022. Retrieved June 7, 2022.
^"Rodrigo Chaves dice que Costa Rica está "en guerra"". Deutsche Welle (in European Spanish). May 17, 2022. Archived from the original on May 31, 2022. Retrieved June 7, 2022.
^"Costa Rica's public health agency hit by Hive ransomware". BleepingComputer. Archived from the original on June 6, 2022. Retrieved June 7, 2022.
^"CCSS sufrió 'hackeo' durante la madrugada de este martes". Teletica. May 31, 2022. Archived from the original on June 2, 2022. Retrieved June 7, 2022.
^"'Hackeo' obliga a hospitales de CCSS a trabajar con computadoras apagadas". La Nación (in Spanish). Archived from the original on June 6, 2022. Retrieved June 7, 2022.
and 10 Related for: 2022 Costa Rican ransomware attack information
night (UTC-6:00) of April 17, 2022, a ransomwareattack began against nearly 30 institutions of the government of Costa Rica, including its Ministry of...
10 June 1961) is a CostaRican politician and economist who has served as the 49th and current President of Costa Rica since May 2022. He was previously...
hackers with ransomware, they paid $400,000 in ransom. The city of Albany in the U.S. state of New York experiences a ransomware cyber attack. April: Computer...
to the Election and Finds the U.S. Doing the Same: Fearing Russian ransomwareattacks on the election, the company and U.S. Cyber Command mounted similar...
"Frustrated Dish customers still spending hours on hold weeks after ransomwareattack, they say". NBC News. NBCUniversal News Group. Retrieved March 30...
by RansomwareAttack". The Hollywood Reporter. Cimpanu, Catalin (October 18, 2021). "Sinclair TV stations disrupted across the US after ransomware attack"...