Russian hackers terrorize Costa Rica for a month and a half: they want ransom and overthrow

The attack began on April 18 and continues to this day. It is under attack from ministries, foundations, institutes and energy companies.

what is the situation now

• The digital services of the Costa Rican Ministry of Finance have been down since April 18. The attacks affected the customs and tax systems, as well as the health system, the Ministry of Labor, the National Meteorological Institute, the Ministry of Science, Innovation, Technology and Telecommunications.
• Many important processes “go to paper”. Commerce is paralyzed, ordinary citizens still cannot access public services online, private companies cannot report their income and charge for their services.

We are witnessing the beginning of an unprecedented era of cyber attacks,
– says Diego Gonzalez, head of the cybersecurity division of the Costa Rica Chamber of Information and Communication Technologies.

He suggested that the results in Costa Rica were the beginning of future attacks around the world.

• First, criminals 10 million dollars ransom demanded by eight government agencies.
• After denial, hackers began hacking local establishments one by one, first raising the ransom to $20 million, then lowering it to $15 million. Now they have a new goal: to overthrow the local government.
• The United States, which had previously been Conti’s target, came to the rescue. By January 2022, the FBI had identified more than a thousand victims of Conti-related attacks. They took more than $150 million from their victims, making their program the most effective virus ever recorded. The Conti malware is one of the top three attacks on critical US infrastructure affecting the manufacturing, financial, technology, food and construction industries.
• states offered a reward of up to $10 million for knowledgeto help find key Conti leaders. Up to $5 million is promised for information leading to their arrest and/or conviction.
• But the hackers themselves did not remain – other groups joined them.
• The Costa Rican government still refuses to pay and is losing about $30 million a day. In the first two days of the attack alone, the Chamber of Commerce estimated damage at more than $125 million.
• By the way, some of the stolen documents have already appeared on the gang’s website.
• Finance Minister Nogui Acosta warned that the government is unsure whether it will be able to balance the books in May and does not know whether taxes have been properly paid.

State of emergency and change of authority

On May 8, Costa Rican President Rodrigo Chavez declared a state of emergency that continues to this day. It was on the first day of his term as head of state. The new president immediately faced negative feelings among the people – tens of thousands of civil servants could not be paid more than a month’s salary.

Meanwhile, the hackers who created the problem themselves, He urged the citizens of Costa Rica to rise up against the government. in this order He came to power just three weeks after the crisis began and immediately stated that he would not negotiate with terrorists.

There are no serious concerns so far, but the crisis has already forced teachers to take action against the government, according to sources. Some, having not received their salaries since February, two months before the attacks, united and are planning to protest in front of the presidential building.

Do traitors help hackers?

In a comment to local media, President Chavez said Conti was an insider: collaborators in Costa Rica were helping to blackmail the government. However, he did not offer any evidence to support this theory.

We are at war and that is no exaggeration. The war is being waged against an international terrorist group. There are clear signs that someone from within the country is working with Conti.
Said Rodrigo Chavez.

• However, it is known that the side of hackers is another group called Hive. The extortion program has been deployed to at least 30 of the 1,500 government servers.
• On May 31, the Hive hacked the National Health Service. Although the exact consequences are not known, it is suggested that this may lead to delays in medical care and operations. Some public health centers have closed completely, saying they “can’t prescribe any medication.”
• On the same day, the social security fund systems were closed. The extent of the damage is not yet known.
• It’s unclear whether they worked together or if the new group decided to take advantage of the chaos to bite off a lot of the loot.

Why are Costa Rica and Ukraine here?

The beginning of the attacks on Costa Rica coincided with the attacks on Peruvian government institutions. Conti said he had hacked the country’s National Intelligence Agency and threatened to reveal classified information if the government did not pay a ransom. In the past 90 days, attackers have attempted to break into 15 government institutions in Brazil, nine in Argentina, six in Colombia, four in Ecuador, and three in Chile to extort money. In general, the victims are the countries of South America and the southern part of the North.

This is because: many Latin American countries lack the know-how or cybercrime laws to combat cyber threats.. They have virtually no plans to protect critical infrastructure, cybersecurity response teams, and are unable to detect attacks in a timely and adequate manner.

Another possible reason for such interest in Costa Rica is that the country is an open ally of the United States. The fact is that after the Russian invasion of Ukraine, Conti hackers threatened to attack the enemies of the Kremlin. The group expressed its full support for the Russian government with the following words: “If someone decides to launch a cyber-attack or any military action against Russia, the group plans to use all possible resources to attack critical enemy infrastructures.”

Also founder of Costa Rican cybersecurity consulting agency ATTI Cyber ​​Esteban Jimenez says development of core Conti software is funded by the Russian government. The software used in Costa Rica in recent months is “variants of several attack packages that have been taken from and studied attacks in Ukraine and the United States.” Thus, we can say that the experience Conti gained in the attacks against Ukraine is now being applied in Costa Rica.