QCOSTARICA – President Carlos Alvarado, in a recorded video on national television on Thursday, reacted to the cyberattack faced by state systems and assured that it is an attempt to destabilize the country in the transition to the new government.
Four days after the hacking of government institutions began, the main objective being the servers of the Ministerio de Hacienda (Ministry of Finance), the president published on social networks that the country, in general, is facing the cyber threat.
In addition to Hacienda, platforms or sites of the Ministerio de Ciencia, Innovación, Tecnología y Telecomunicaciones (Micitt), Instituto Meteorológico Nacional (IMN), Radiográfica Costarricense (Racsa), the Caja Costarricense de Seguro Social (CCSS) and the Ministerio de Trabajo, the Fondo de Desarrollo Social y Asignaciones Familiares were targeted to some degree.
Alvarado reaffirmed that the government will not pay any extortion and claims of money that the Conti ransomware has published and asked the public to unite against this type of criminal act.
President-elect Rodrigo Chaves, who assumes office at noon on May 8, has not commented on the cyberattack.
On the dark web, the Russia-based cybercrime group Conti claimed responsibility, demanding US$10 million from Costa Rica in exchange for releasing stolen or encrypted data.
“This attack is not an issue of money, but seeks to threaten the stability of the country in a situation of transition,” the president said, who affirmed that his government is taking the situation seriously and thanked the offer of help from countries such as the United States, Spain, and Israel.
Wednesday morning, the Ministry of Finance filed a complaint with the Fraud Prosecutor’s Office, referring to violations of the Tax Standards and Procedures Code of criminal behavior such as unauthorized access to information, improper handling of information systems and computer crimes typified in the General Customs Law.
The Prosecutor’s Office confirmed that an investigation is underway.
The hackers accessed historical taxpayer information considered “sensitive” after intervening in the Treasury’s customs platforms, Finance Minister Elian Villegas said on Wednesday, without specifying the amount of data breached.
Some websites, including those of tax and customs, remained suspended for the fourth day, causing a bottleneck in imports and exports.
At the Peñas Blancas border with Nicaragua, transporters have been complaining of the long lines, the delays due to the fact that customs paperwork has to be processed manually.
The drivers, many from all over Central America, have also denounced personal attacks on them and their rigs.
The country’s exporters union reported losses of US$200 million on Wednesday.
Alvarado said government officials, with the help of cyber experts from private companies and international organizations, are still working to assess the damage, prevent new attacks, and restore services.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned in March of cyberattacks by Conti, known for using ransomware programs to extort millions of dollars from its targets.
The attack
The attack on the Ministry of Finance servers took place on Sunday, April 17, the last day of the Semana Santa holiday, leaving the attack unnoticed until Monday morning, April 18, raising questions in itself about how seriously government agencies take their cybersecurity.
At first, the Finance Ministry downplayed the attack against them, after first claiming only that the site was down.
Conti claims to have encrypted the data from the Ministry of Finance and has threatened to release it on April 23rd unless they get paid.
Conti is malicious software classified as ransomware. Systems infected with this malware have their data encrypted.
Along with encrypting networks and demanding payment for the decryption key, one of the key hallmarks of Conti ransomware attacks is stealing sensitive data from victims and threatening to publish it if the ransom isn’t paid