Costa Rica’s Cybersecurity Crisis: Financial Institutions Under Attack

A recent attack on Costa Rica’s finance ministry has sparked a nationwide crisis, with cybercriminals targeting financial institutions and government organizations. The attack, attributed to the Conti ransomware group, is just one part of a larger campaign that has left many wondering about the country’s cybersecurity resilience.

Timeline of Attacks

According to a timeline shared by authorities, Conti attempted to breach multiple government organizations almost daily between April 18th and May 2nd. Local authorities, including the Municipality of Buenos Aires, were targeted along with central government organizations such as the Ministry of Labor and Social Security. In some cases, Conti was successful in breaching these institutions, while in others it failed.

Government Response

The Costa Rican government has been working to defend against these attacks, receiving assistance from international partners including the US, Spain, and private companies. The US government even offered a $10 million reward for information about Conti’s leadership. On May 8th, newly inaugurated President Rodrigo Chaves declared a “national emergency” due to the ransomware attacks, labeling the attackers as “cyberterrorists.” Nine of the 27 targeted bodies were severely affected by the attacks, with many still struggling to recover.

MICIT Criticism

The Ministry of Science, Technology, and Telecommunications (MICIT), which is overseeing the response to the attacks, has faced criticism for its handling of the crisis. Authorities have been accused of lacking sufficient resources to effectively respond to the attacks, with some institutions running on outdated software and lacking dedicated cybersecurity staff.

Second Attack

Just as Costa Rica was starting to regain control over the Conti attacks, a second attack struck on May 31st. This time, it was the HIVE ransomware group that targeted the Costa Rican Social Security Fund (CCSS), causing widespread disruptions to healthcare services. Patients have reported delays in receiving treatment and parents of children undergoing surgery have been left worried about their kids’ whereabouts.

Impact on Healthcare

The CCSS has declared an “institutional emergency” and has begun printing discontinued paper forms, with many appointments rescheduled or delayed. The impact on the healthcare system is significant, with 34,677 appointments rescheduled as of June 6th.

Experts’ Warning

As Costa Rica struggles to recover from these attacks, experts are warning that Latin American countries must improve their cybersecurity resilience, introduce laws making cyberattack reporting mandatory, and allocate more resources to protect public institutions. With the face of ransomware changing rapidly, it is clear that this is a critical moment for the country’s cybersecurity efforts.

Conti Group Involvement

The Conti group’s involvement in these attacks raises questions about whether the two separate ransomware attacks are linked. However, with Russian-linked ransomware gangs shifting tactics to avoid US sanctions and fighting over territory, it seems likely that Costa Rica will face further challenges in its fight against cybercrime.

Conclusion

Costa Rica is facing a critical moment in its cybersecurity efforts. With the recent attacks on financial institutions and government organizations, it is clear that the country must take immediate action to improve its cybersecurity resilience and protect public institutions from these types of threats. The Conti group’s involvement in these attacks highlights the importance of international cooperation and the need for countries to work together to combat cybercrime.