The Russian-speaking Conti ransomware gang has claimed responsibility for a cyberattack that hit several systems operated by the Costa Rican government agencies last week.
Among the targeted agencies were the Ministry of Finance, (Ministerio de Hacienda), and the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the Labor Ministry, as well as the government agency managing the electricity in Cartago.
In case of the Ministry of Finance, the attack affected a number of the agency’s systems from tax collection to importation and exportation processes through the customs agency, according to an Associated Press report. Due to the attacks the ministry temporarily shut down the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.
Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics.
The country’s president Carlos Alvarado Quesada said that the attack was meant to “threaten the stability of the country in a transition situation,” and stated that the government will not pay the ransom, which some social media reports said is $10 million.
On their data leak website the Conti ransomware gang said it gained access to around 800 servers belonging to the Costa Rican government, from which nearly 1TB worth of data was exfiltrated, including 100GB of internal documents containing full names and email addresses of the Ministry of Finance employees. The group later updated their post to say that they planted backdoors in systems of various public ministries and private companies and will continue to attack until the ransom is paid.