QCOSTARICA – The Ministerio de Hacienda (Ministry of Finance) admitted the exposure of historical data from the General Directorate of Customs and reported that investigations are being carried out in this regard.
Initially, Hacienda did not use the word “hacked” with respect to its website and services such as Administración Tributaria Virtual (ATV) – Virtual Tax Administration and the Tecnología de Información para el Control Aduanero (TIC@) – Information Technology for Customs Control, that were temporarily suspended and the services will be restarted once the analyzes are finished.
However, following an alert on Twitter by Better Cyber of a cyberattack by a group of hackers of Russian origin, Conti, requesting US$10 million from the Government of Costa Rica for the information apparently stolen, the Minister of Finance, Elián Villegas, said in an interview that the government will not pay any hacker for the information .
“We ask only 10M USD for your taxpayers’ data” reads the message.
🚨 Latest update from #Conti:
“We ask only 10m USD for keeping your taxpayers’ data” pic.twitter.com/cTrHnLMYfj
— BetterCyber (@_bettercyber_) April 18, 2022
Better Cyber claimed that Conti downloaded a Terabyte of data from the Hacienda systems, and would release it on April 23.
The cyberattack is a Ransomware (extortion program) that restricts access to files on an infected system by encoding them and requesting money in exchange for reversing this situation.
This morning the Hacienda website (https://www.hacienda.go.cr/) is still down.
On Facebook, Hacienda assured that the exposed information does not affect the operational or control actions carried out by the National Customs Service.
“Since early today we have been facing a situation in some of our servers, which has been attended by our staff and by external experts, who during the last few hours have tried to detect and repair the situations that are occurring.
“This Ministry has made the decision to allow the investigation teams to carry out an in-depth analysis of the information systems, for which it has made the decision to temporarily suspend some platforms such as ATV and TIC@, and the services will be restarted once the teams complete their analyses (…) The data identified so far are of a historical nature and are used by the National Customs Service as inputs and support,” reads part of the statement.
The Ministry of Finance also issued an alert that users (taxpayers) are not being asked to reset their access codes.
“Unscrupulous people have been contacting citizens on behalf of this Ministry, to request the reset of their access codes to computer systems.
“The Ministry of Finance clarifies that it is not requesting the regeneration of any type of password and reminds the population that our officials will never request passwords, access codes, installation of computer programs or access to their bank accounts. If you receive calls or messages of doubtful origin, notify the OIJ, through the numbers 800-8000-645 and 8800-0645.”
For its part, the Ministerio de Ciencia, Innovación, Tecnología y Telecomunicaciones (Micitt) – Ministry of Science, Technology and Telecommunications – confirmed that, since this Sunday, April 17, it informed the Treasury about the alleged “malicious activity” of the Conti cybercriminal group, in the ATV and the TICA, administered by Customs.
The Computer Security Incident Response Center (CSIRT-CR), of the Micitt, was the body that detected the alleged publication of ransomware in the tax and customs systems.
The Director of Digital Governance, Jorge Mora, explained that in September 2021 and on March 15 of this year, alerts were sent as part of the monitoring carried out with public institutions.
According to a report by the United States Cybersecurity and Infrastructure Security Agency (CISA), cyberattacks by the Conti group have increased to more than 1,000 internationally in recent months.
“In typical Conti ransomware attacks, cybercriminals steal files and documents from servers, then demand a ransom payment,” a CISA statement said.
The Federal Bureau of Investigation (FBI) issued an alert last May about Conti attacks in the United States and revealed that the extortion to release sensitive information has reached up to US$25 million.
Extension to pay taxes
This Monday, taxes such as the impuesto sobre el valor agregado (IVA) – value added tax (VAT) – the selective consumption tax, casinos and games, the single tax on fuels, alcoholic beverages, the simplified regime, among others, was to be paid.
“Given the situation with various Treasury computer systems, we have made the decision to extend the presentation and payment of some taxes, such as VAT, until we report that the systems are fully restored. In the case of exports, we are applying an emergency system that allows us to continue with the process on a regular basis,” Miniser Villegas stressed.
The issuance of certificates of legal status in digital and physical format by the National Registry was also suspended due to the impossibility of making inquiries in the Treasury databases. The service will be reactivated until the treasury platforms are restarted.
Additionally, the Customs Service will apply a contingency plan so as not to affect the process of exporting goods.
