On Tuesday, May 31, the government of Costa Rica confirmed that it was facing another attack from ransomware gangs. The government specified that this time, its Social Security Fund had been hit.
The Costa Rican Social Security Fund said in a statement on Twitter that the attack began early in the morning on May 31, and that it was already conducting an extensive investigation into the incident. It went on to confirm that the attack did not impact many of the payroll and pension databases. These included the Unified Digital Health system, along with the Centralised Tax Collection system.
In the statement, the organisation said it was conducting an analysis in order to attempt to ‘restore critical services.’ However, it stated that it was not possible to determine when they would be back ‘in operation.’ As of then, all of them were ‘shut down’ as a preventive measure following the attack.
The statement from the organisation:
They are carrying out analysis to try to restore critical services, but it is not yet possible to determine when they will be in operation. For now, all systems have been taken down as a preventive measure.
— CCSSdeCostaRica (@CCSSdeCostaRica) May 31, 2022
Brian Krebs, a cybersecurity expert, said on Twitter that he had viewed the ransom note connected to this incident, confirming that it was from the Hive ransomware group. Moreover, a separate group, Conti, is reportedly connected to an ongoing attack on various state ministries of Costa Rica.
In spite of reports stating that Conti was suspending most of its operations, the group went on to release several unhinged threats towards the Costa Rican government. The threats mainly urged the citizens of Costa Rica to overthrow the government owing to the crippling ransomware attack. Reportedly, Krebs implied that the individuals behind the recent attack from Hive “could just as well be the same criminals” who had conducted the Conti attack.
Brett Callow, a threat analyst at Emsisoft and ransomware expert, gave a statement on the ransomware attack. He noted that Conti had previously claimed to be in the process of ‘gaining access’ to other systems of the government. He stated that AdvIntel analysts had noted before that Hive and Conti possibly had deeper ties. Various companies had in fact appeared on leak sites for both Hive and Conti in recent months.
Many employees of the Costa Rican Social Security Fund said on Twitter that they were asked to shut off their computers. This followed their printers starting to print unintelligible documents.
Crucially, the government even declared a state of emergency in May after the series of ransomware attacks. These attacks badly affected Costa Rica’s customs and taxes outlets, along with many agencies. Additionally, even the treasury department had been unable to operate any of its digital services since the attack began.