Russian Hacking Cartel Attacks Costa Rican Government Agencies

WASHINGTON – A Russian hacking cartel has launched an extraordinary cyber attack on the Costa Rican government, crippling the tax collection and export system for more than a month and forcing the country to declare a state of emergency.

The Russia-based ransomware gang Conti has claimed responsibility for the attack, which began on April 12, and has threatened to leak stolen information unless it is paid $20 million. Experts monitoring Conti’s movements say the group has recently shifted its focus from the United States and Europe to countries in Central and South America, perhaps seeking revenge against nations that support Ukraine.

Some experts also believe that Conti was afraid of a crackdown by the United States and was looking for new targets regardless of politics. The Federal Bureau of Investigation estimates that the group is responsible for more than 1,000 ransomware attacks worldwide, earning more than $150 million.

“Ransomware cartels have found that multinational companies in the US and Western Europe are less likely to turn a blind eye if they need to pay some unjust amount to run their business,” said Juan Andres Guerrero-Saade, chief threat researcher at SentinelOne. “But at some point, you’re going to tap that space.”

Whatever the reason for the migration, the hack shows that Conti remains aggressive despite speculation that the gang might disband after it was the target of a hacking operation in the early days of Russia’s war on Ukraine. The criminal group, which pledged to support Russia after the invasion, regularly targets businesses and local government agencies by breaking into their systems, encrypting data and demanding a ransom to restore it.

Of the Costa Rica hack, Emsisoft threat analyst Brett Callow said it was “probably the most significant ransomware attack ever.”

“This is the first time I can recall a ransomware attack that led to the declaration of a national emergency,” he said.

Costa Rica has said it refused to pay the ransom.

The hacking campaign took place after Costa Rica’s presidential election and quickly became a political coup. The previous administration, in its first official news releases, downplayed the attack, portrayed it as a technical problem and presented an image of stability and peace. But the newly elected president, Rodrigo Chavez, began his term by declaring a national crisis.

“We are at war,” Mr. Chavez said during a news conference on Monday. He said the ransomware attack had affected 27 government agencies, nine of which were significant.

According to Mr. Chavez’s administration, the attack started on April 12, when hackers who said they were linked to Conti broke into Costa Rica’s finance ministry, which oversees the country’s tax system. From there, the ransomware spread to other agencies that oversee technology and telecommunications, the government said this month.

Two former officials with the finance ministry, who were not authorized to speak publicly, said the hackers were able to access taxpayers’ information and disrupt Costa Rica’s tax collection process, forcing the agency to shut down some databases and resort to using an approximately 15-year-old system to collect revenue from its largest taxpayers. Most of the country’s tax revenue comes from a relatively small pool of nearly a thousand large taxpayers, making it possible for Costa Rica to continue tax collection.

The country also depends on exports, and the cyberattack forced customs agents to do their work only on paper. While investigations and recovery are ongoing, taxpayers in Costa Rica are forced to file their tax declarations individually with financial institutions instead of relying on online services.

Mr. Chavez is a former World Bank official and finance minister who has vowed to shake up the political system. His government declared a state of emergency this month in response to the cyber-attack, calling it “unprecedented in the country.”

“We are facing an unavoidable catastrophe, a public catastrophe and a situation of internal and external turmoil which, without extraordinary measures, cannot be controlled by the government,” Mr. Chavez’s administration said in a statement announcing the crisis.

The state of emergency allows agencies to move more quickly to remediate the breach, the government said. But cybersecurity researchers say a partial recovery could take months, and the government will never be able to fully recover its data. The government may have backups of some of its taxpayer information, but those backups will take some time to come online, and the government will first need to make sure it has removed Conti’s access from its systems, the researchers said.

Paying ransom will not guarantee recovery as Conti and other ransomware groups are known to withhold data even after receiving payment.

“Unless they pay the ransom, which they have stated they have no intention of, or have backups that enable them to recover their data, they are potentially seeing total, permanent data loss,” Mr. Callow said.

When Costa Rica refused to pay the ransom, Conti began threatening to leak its data online, posting some files that it claimed contained stolen information.

“It is impossible to see the decisions of the Costa Rican president’s administration without irony,” the group wrote on its website. “All this could have been avoided by paying.”

On Saturday, Conti raised the stakes, threatening to delete the key to restore data if it did not receive payment within a week.

“With governments, intelligence agencies and diplomatic circles, the vulnerable part of the attack is not really ransomware. That is data exfiltration,” said Mr. Guerrero-Saade of SentinelOne. “You are in a situation where potentially sensitive information is in the hands of a third party.”

The breach, among other attacks by Conti, prompted the US State Department to join the Costa Rican government in offering a $10 million reward for information leading to the identification of key leaders of the hacking group.

“The group carried out a ransomware incident against the Costa Rican government that severely affected the country’s foreign trade by disrupting its customs and tax platforms,” State Department spokesman Ned Price said in a statement. “By offering this award, the United States demonstrates its commitment to protecting potential ransomware victims around the world from being exploited by cybercriminals.”

Kate Cong reported from Washington and David Bolanos from San Jose, Costa Rica.
