Costa Rica declares state of emergency over ransomware attack
Costa Rica has declared a state of emergency after ransomware hackers crippled computer networks across multiple government agencies, including the Finance Ministry.
The official declaration, published on a government website Wednesday, said that the attack was “unprecedented in the country” and that it interrupted the country’s tax collection and exposed citizens’ personal information.
The hackers initially broke into the Finance Ministry on April 12, it said. They were able to spread to other agencies, including the Ministry of Science, Technology and Telecommunications and the National Meteorological Institute.
Leon Weinstok, the director of the Costa Rica office of the law firm BLP, who specializes in cybersecurity law, said the attack had severely affected the country’s ability to function.
“The government has been really, really affected. It is impossible to quantify the losses at this time,” Weinstok said.
Ransomware hackers encrypt victims’ computer networks and demand payment that they say will unlock them, although that process doesn’t always work. Costa Rica never considered paying the ransom, as it goes against national laws to participate in such negotiations, Weinstok said.
Costa Rica’s president, Rodrigo Chaves, just took office Sunday. The emergency declaration gives him the authority to hire external cybersecurity experts without waiting for permission from the country’s legislative assembly, Weinstok said.
Conti, one of the most destructive active ransomware gangs, is responsible for the attack. Ransomware groups often try to extort victims by threatening to publish stolen data, and Conti published a large cache of documents, alleged to be from Costa Rican government sites, to its dark web site Sunday.
Conti is perhaps most infamous for hacking and severely disrupting Ireland’s national health care system last year. While membership in ransomware gangs is often fluid, the gang is largely made up of Russian and Eastern European hackers. It declared its allegiance to Russia when the country invaded Ukraine in February, said Brett Callow, a ransomware analyst at the cybersecurity firm Emsisoft.
On Friday, the U.S. State Department said the group was responsible for the Costa Rica hack and offered a $10 million reward for help bringing Conti hackers to justice.