Costa Rican government seems to be in a bind since last week because of a cyberattack by Russian cybercriminals, Conti. The government IT systems are under continuous threat and the Costa Rican government refuses to give in to the demands of the cybergroup.
As of last week, Conti demanded a ransom of $10 million but the Costa Rican government dismissed it by stating Conti was just trying to destabilize the country. It should be noted that the cybergroup stole at least a terabyte of data.
Now, angered at their demand getting rebuffed, Conti revealed in a statement on their website that they released 80% of the stolen information onto the Dark Web.
The Costa Rican government continues to refuse their demands. Even though, the damages from the cyberattack have been accumulated to nearly hundreds of millions of dollars. As a result of this cyberattack, there’s a chance that apart from Conti, many other Russian cyber groups will target Costa Rica and a whole new wave of attacks may begin.
The cyberattack has targeted multiple government departments of Costa Rica and continues to wreak havoc across the country. Just last weekend, there was a breach in Costa Rica’s tax and customs administration systems. The hackers attacked the country’s finance ministry first, then the social security agency’s human resources system and the Ministry of Labor as well.
Since the last week, six public institutions have been hacked by Conti.
According to the finance minister Elian Villegas, one terabyte of information from the Central American nation’s customs directorate was stolen. Apparently, it’s the department that is responsible for handling import and export checks. The stolen information includes confidential information on taxpayers.
“Apart from that I am not aware of any other information that may have been extracted,” Villegas told Reuters.
Although the Costa Rican government hasn’t confirmed the origin of the attack, however, Conti took credit for it in a blog post on their website. Their blog post stated:
“We will continue to attack the ministries of Costa Rica until its government pays us. Attacks continue today. We downloaded one [terabyte] of your portal databases as well as internal documents, we will start publishing this data on April 23.”
Costa Rican government continues to be adamant about not paying the ransom to Conti. According to Villegas:
“We are not in a position to pay. We are a public entity, we cannot access this type of request, from the principle of legality I am not authorised for any payment of this type.”
As a result of the cyberattack, there have been serious damages to the country, specifically to its tax and customs platforms. According to the exporters’ union of Costa Rica, there have been a loss of $200 million solely last Wednesday. As a safety precaution for the public, the internal systems and government website has been taken down for the meanwhile until the dust settles.
At the moment, Costa Rica is in the midst of a government transition. Hence, the soon-to-be-former President Carlos Alvarado believes the attacks are only attempting to destabilize Costa Rica until his successor, Rodrigo Chaves and his government take over.
In a previous statement, Alvarado said,
“This attack is not an issue of money but seeks to threaten the stability of the country in a situation of transition. They will not achieve this.”
Chaves will hold the office from May 8th.
Max Heinemeyer, VP of cyber innovation at security company Darktrace stated that despite the mounting costs, Costa Rica should march on ahead and not pay heed to the cybercriminals. He said:
“Once the damage is done, paying will not guarantee that the problem goes away – for example, the decryption key might not work and a lot of systems might still have to be rebuilt from scratch,”
“The recovery work itself, regardless of decryption keys being delivered, can take weeks or months and can be a very costly process. Even if the ransom is paid, there is no guarantee that the stolen data will actually be erased – you’d have to trust the word of the criminals who just breached you.”
Whether a new Russia-backed wave of cyberattacks is on the horizon or these are empty threats by goons who get to have their way every single time, only time will tell. In the meanwhile, Costa Rica looks forward to the new president-elect having a more formidable solution to this entire debacle.