26 April 2022

Costa Rican government systems hit with Conti ransomware


Costa Rican government systems hit with Conti ransomware

The Russian-speaking Conti ransomware gang has claimed responsibility for a cyberattack that hit several systems operated by the Costa Rican government agencies last week.

Among the targeted agencies were the Ministry of Finance, (Ministerio de Hacienda), and the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the Labor Ministry, as well as the government agency managing the electricity in Cartago.

In case of the Ministry of Finance, the attack affected a number of the agency’s systems from tax collection to importation and exportation processes through the customs agency, according to an Associated Press report. Due to the attacks the ministry temporarily shut down the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics.

The country’s president Carlos Alvarado Quesada said that the attack was meant to “threaten the stability of the country in a transition situation,” and stated that the government will not pay the ransom, which some social media reports said is $10 million.

On their data leak website the Conti ransomware gang said it gained access to around 800 servers belonging to the Costa Rican government, from which nearly 1TB worth of data was exfiltrated, including 100GB of internal documents containing full names and email addresses of the Ministry of Finance employees. The group later updated their post to say that they planted backdoors in systems of various public ministries and private companies and will continue to attack until the ransom is paid.


Back to the list

Latest Posts

Exploit code published online for a critical VMware vulnerability

Exploit code published online for a critical VMware vulnerability

A proof-of-concept code for the vulnerability along with technical analysis has been published by a security researcher.
10 August 2022
Cloudflare employees also targeted by SMS phishing attack

Cloudflare employees also targeted by SMS phishing attack

The company says that the attack occurred around the same time as Twilio was attacked and was similar in nature.
10 August 2022
Microsoft fixes yet another MSTD zero-day exploited in the wild

Microsoft fixes yet another MSTD zero-day exploited in the wild

Microsoft had been aware of the DogWalk vulnerability for nearly two years, but deemed it not a security issue.
10 August 2022