Costa Rica’s newly inaugurated president, Rodrigo Chaves, has had to get to work immediately this month. Due to an attack with so-called ransomware, a large part of the national government has been paralyzed for a month. Immediately after his inauguration on May 8, Chaves, a conservative populist who won the April election, declared a state of emergency. This measure, which is actually intended for wars or natural disasters, gives the authorities additional powers and resources to combat the crisis.
The cyber attack started in mid-April when hackers broke into the Treasury’s IT systems. Among others, the customs and tax authorities were hit, as a result of which the Costa Rican government is currently unable to collect many taxes. The Ministry of Labor and the National Board of Health and Welfare are also among the 27 affected institutions.
Cybercriminals use ransomware to encrypt files and computer systems, making them inaccessible. For a fee, usually in cryptocurrencies, they reverse this encryption. Last weekend, the hackers doubled the ransom demanded from Costa Rica to $20 million (more than 19 million euros) and threatened to destroy, within a week, the decryption key that could be used to end the hostage situation.
In addition, perpetrators often enforce their demands by stealing sensitive data and threatening disclosure if their targets do not pay up quickly enough. In Costa Rica, too, the hackers say they captured 46 gigabytes of information. Shortly after the attack on Costa Rica, the same cyber gang posted 9.5 gigabytes of stolen files from a Peruvian intelligence service on its blog.
That gang is almost certainly Conti, a notorious collective of Russian-speaking cybercriminals. Unlike many other ransomware groups, Conti is known not to shy away from attacks on sensitive ‘civilian targets’, such as hospitals.
The gang made headlines earlier this year when it expressed its support for Russia’s war in Ukraine. In response, an anonymous Ukrainian, possibly a former member of the gang, posted several internal messages from Conti on the Internet. This gave security experts and investigation services a unique insight into the group’s working method and internal organization.
The ‘Conti Leaks’ include indications of close ties between the gang and the Russian authorities. Criminal hacking groups can usually operate from Russia more or less with impunity, as long as they do not claim victims in their own country, and there are many known links between the cybercriminals and Russian intelligence services.
Last June, the fight against cybercrime from Russia was a major topic of discussion at US President Biden’s first meeting with his counterpart Putin, partly in response to a cyber attack, now a year ago, on the Colonial Pipeline, a fuel pipeline that transports much of the gasoline and petroleum to the East Coast of the United States.
Although the Kremlin steadfastly denies being involved in such attacks, in January the Russian intelligence service FSB dismantled, “at US request”, the cyber gang REvil, which operated more or less openly in Russia and is linked to the attack on the Colonial Pipeline. Some analysts saw this move not as a rapprochement, but as a veiled threat: Russia showed that it has complete control over the cybercriminals.
Earlier this month, U.S. authorities offered rewards of up to $10 million for information leading to the identification of the Conti hackers.
‘Help from within’
Chaves, like his predecessor, refuses to meet Conti’s demands. Although it is still unclear how the hackers managed to get in, he accuses the previous government of having neglected cyber security for public services for years.
On Monday, he also stated without proof that Conti had received help from within. “We are at war and that is no exaggeration. We are at war with an international terrorist group that apparently has accomplices in Costa Rica,” the newspaper La Nacion quoted him as saying at his press conference.