QCOSTARICA — The government of Costa Rica invested a total of $25 million dollars in the attempt to partially recover the data that had been stolen by Conti and Hive Ransomware between April and May last year, which had targeted the Ministerio de Hacienda (Ministry of Finance) and the Caja Costarricense de Seguro Social (CCSS) or Caja.
The governing authorities have made public this information, for the first time, which is in stark contrast to the sum of money that the perpetrators were demanding from the Government to unlock the encrypted data.
In the case of Conti, the Russian group demanded payment of US$20 million, then lowered it to US$15 million, and finally, in the absence of a response, finalized their offer at US$10 million; money that, according to the Costa Rica Presiden Rodrigo Chaves was not paid to the hackers. This is according to what was said in a discussion on cybersecurity that took place during his visit to the United States last month.
On the other hand, Hive Ransomware Group demanded US$5 million payable in Bitcoins for the return of the data stolen from the CCSS servers, which included, among others, patient data that unfortunately could not be recovered, as confirmed by the Minister Science and Technology (Micitt), Paula Bogantes, this week at a press conference.
In the midst of this panorama of “war” as it was described by President Chaves himself, motivating him on his first day in office to declare a national emergency for such violations, the question arises as to how convenient it would have been to have negotiated with the attackers, or to seek other methods to recover data, seen from an investment perspective.
The advantages of paying the ransom would have resulted in the probability of recovering the encrypted data faster, and possibly a complete data restoration. It would have also reduced the operational paralysis of the affected government agencies, especially in critical environments.
The disadvantage is that there was no guarantee that the hackers would just hand over the information, giving incentive for cybercriminals to carry out more attacks.
“When you pay hackers, you have a 70% chance that what they give you is a key to decrypt the information, nothing more; this at best; But if you do not respond to their demands, the data recovery time can be long, or even non-existent,” explains Juan Baby, an Israeli ethical hacker with military experience in his country.
This expert’s premise regarding this last point was reflected in the definitive disappearance of digital files of the Caja’s insured, particularly in areas such as oncology, which represented a serious aggravating circumstance with regard to their treatment and clinical history, which was also publicly reaffirmed by Bogantes.
“Cybersecurity is not an expense, it is an investment,” added the Minister, who recently confirmed publicly that the increase in the national budget allocated to Micitt, as well as donations from the United States Government, will be used to strengthen the economic muscle in the face of the challenges that lie ahead in this matter.
What awaits Costa Rica in terms of cybersecurity for 2024? After more than 770 million cyberattack attempts were reported in the first half of this year, according to a report prepared by the specialized firm Fortinet, some experts consulted expressed their points of view in order to avoid a further escalation of attacks. cyberattacks next year, even in light of new technologies.
Paula Brenes Former Director of Digital Governance at Micitt: “Cybersecurity in the health sector must be a priority attention section in the National Cybersecurity Strategy, as well as essential services and critical infrastructure. “Public-private alliances are key in an emergency situation like the one suffered; it is necessary to have the legal framework and prior relationships that allow the immediate execution of actions.”
Marvin Soto, a Costa Rican specialist recognized among the 100 best ethical hackers in the world: “Generation of malicious codes, the discovery of surfaces and other vectors of cyber attacks are possible to execute through Artificial Intelligence, aimed at taking advantage of vulnerabilities through the development of languages or applications that could once again put the country’s institutions in check”.