For several weeks, Costa Rica has been under a massive cyberattack orchestrated by the Russian hackers of Conti. This time it is the turn of the country's public health system to be affected. A ransomware dubbed "Hive" forced the Costa Rican social security to take its systems offline.
Costa Rica is not making it
In a statement on Twitter, CCSS (Caja Costarricense de Seguro Social) said the attack began early Tuesday morning and that an investigation is ongoing. The institution specifies that the Hive ransomware has been deployed on at least 30 of the 1,500 government servers and that it is impossible to estimate the recovery time. Some CCSS employees said management told them to shut down their computers after the printers started outputting strange documents. The attack comes while the country is still in a state of national emergency.
CCSS suffered a hack in the early hours of this Tuesday
The hack took place in the early morning hours of this Tuesday, May 31.
The corresponding analyses are being carried out.
The databases of Edus, Sicere, plans and pensions were not compromised.
— CCSSdeCostaRica (@CCSSdeCostaRica) May 31, 2022
For several weeks, many government institutions have been affected by attacks. These include in particular the Ministry of Finance of Costa Rica, the Ministry of Labor and Social Security, the Social Development and Family Allowance Fund, the University Headquarters of Alajuela, the Administrative Council of the Electric Service of the Province of Cartago, the Ministry of Science, Innovation, Technology and Telecommunications, the National Institute of Meteorology… In short, most of the country's bodies are affected.
Conti teams up with other cybercriminals
Conti hackers, backed by the Russian state, are pressuring the government to pay the ransom ($20 million). They specify that “we are determined to overthrow the government by means of a cyberattack, we have already shown you all our strength and power”. According to cybersecurity experts who worked on the CCSS attack, Conti hackers may have worked alongside the hackers behind the Hive ransomware. It may even be a way to “change brand” in order to escape international sanctions.
Conti is at an impasse. Because of its public allegiance to Russia in the early days of the Russian invasion of Ukraine, the group may have to shut down. In an attempt to survive, its hackers have formed alliances with other groups, including Hive, a gang behind ransomware-as-a-service (RaaS) software whose hackers have been active since at least June 2021. Given Conti’s position, it’s no wonder that this attack is attributed to other cybercriminals.