Costa Rica, a North American country, was attacked by Conti ransomware, a large number of systems in multiple ministries were affected and a large number of sensitive data were stolen.
The Ministry of Finance of Colombia was the most severely affected. The theft of taxpayer information caused public panic, and systems such as taxation and customs were paralyzed for several days, resulting in heavy losses in the country’s export business, at least US$200 million.
The Colombian president said the attackers were trying to destabilize the country, alluding to Russia. However, some security experts believe that this is just an ordinary money extortion, simply because the country’s system has too many loopholes.
In the past week, a ransomware attack has paralyzed the computer system of the government of the Republic of Costa Rica (hereinafter referred to as “Costa”) in the North American country (located in Central America). The Colombian government has refused to pay the ransom and is trying to prepare for the potential fallout as malicious hackers begin releasing stolen data.
Conti, a Russian-based ransomware gang, has claimed responsibility for the attack, but the Costa Rican government has yet to issue an announcement on the details.
The Ministry of Finance was the worst affected, with systems paralyzed and taxpayer information stolen
The Colombian Ministry of Finance first reported the cyber attack on Monday (April 18). From the collection of taxes and fees to customs exports, many systems under the Treasury Department were affected by the attack. Malicious hackers then targeted other targets, including the Social Security Department’s human resources system and the Department of Labor.
The attack shut down for hours the Treasury Department’s payment system, which covers most of the country’s public officials and also handles government pension payments. The Treasury Department had to approve tax deferrals as payment services were not working properly.
The Conti gang did not disclose the exact amount of the ransom. There were rumors on social media that the hacker gang offered $10 million, but there was no corresponding evidence on the Conti gang website.
“Costa Rica will never pay any ransom to cybercriminals,” said Costa Rica’s President Carlos Alvardao.
Colombian Finance Minister Elian Villegas said on Wednesday (April 20) that hackers accessed “sensitive” taxpayer history information after breaching the finance ministry’s customs platform, without specifying the amount of data leaked.
Colombian companies fear that classified information submitted to the government could be accessed by hacker gangs and then disclosed or misused. Ordinary citizens worry that their personal financial information could be used to hack into their bank accounts.
Platforms such as tax and customs have been suspended for more than 4 days, resulting in heavy losses in export business
According to a Reuters report on April 22, some platforms, including tax and customs, suspended operations for the fourth consecutive day, causing bottlenecks in imports and exports. The Costa Rican Exporters’ Chamber reported a loss of $200 million on Wednesday.
Christian Rucavado, executive director of the chamber, said cyberattacks against customs agencies had already affected the country’s import and export logistics. The goods stranded in the cold storage are slowly decaying. This is a race against time, and the specific economic loss cannot be determined for the time being. Trading operations continue, but at a much slower pace than usual.
Rucavado explained, “Many processes can only be done manually now, and there are delays in work at many border agencies. We have asked the government to take relevant remedial measures, such as extending working hours to ensure that imports and exports are completed in a timely manner.”
He also mentioned that Costa Rica normally exports goods worth $38 million a day.
Attacker with Russian background carried out double extortion
Allan Liska, an analyst at threat intelligence firm Recorded Future, said the Conti gang is carrying out a double extortion: encrypting government documents to disrupt the normal operations of various departments; if no ransom is received, the team publishes the stolen documents on the dark web for extortion sites.
The first point can be solved if these systems have good backups, Liska said, but if the stolen data is highly sensitive, it could be a big problem.
Liska revealed that the Conti gang often rents out its ransomware infrastructure to any “affiliate gang” willing to pay, so the real person behind the attack could come from anywhere in the world.
A year ago, the Conti ransomware attack forced Irish health authorities to shut down IT systems and cancel a large number of appointments, treatments and surgeries.
At the end of February this year, the Conti gang claimed support for Russia in the Russian-Ukrainian conflict. The move angered an underground hacker sympathetic to Ukraine, a security researcher who claimed to have been monitoring the movements of the Conti gang for a long time, and released a large amount of sensitive data such as Conti’s internal chat records and codes.
President says attackers are trying to destabilize country, security experts think it’s just money extortion
As the country with the most stable political situation, abundant wildlife and beautiful tropical beaches in Central America, why is Costa Rica targeted by hacker gangs? Liska believes it may simply be because there are too many holes in the country’s system. “Hacker gangs hunt for specific vulnerabilities. The most likely guess is that there are a lot of holes in the Colombian government system that ransomware hackers found and decided to attack.”
Brett Callow, a ransomware analyst at Emsisoft, said he had seen a document leaked by Costa Rica’s finance ministry, and “the data in it does appear to be authentic.”
On Friday (April 22), the Conti gang claimed on a dark web blog that 50 percent of the stolen data had been released, including a total of 850 GB of data from the databases of Colombia’s Ministry of Finance and other agencies. “These are good phishing fodder, and hopefully fellow hackers in Costa Rica can use it to make a fortune,” the gang said.
In recent years, network security has gradually become a hot topic. There are many businesses and governments that are also attacked by ransomware. Enterprises and governments should be vigilant, do a good job in data protection and disaster recovery, and use virtual machine backup and other methods to do a good job in data backup.