Costa Rica suspects the cyber group with you as guilty of “hacking” information from at least five State institutions, although he assured that he will not pay any ransom to recover his data.
“The organization that is allegedly behind this is Conti Group, according to posts on the dark web (…). A specific ransom note has not been identified, but $10 million has been mentioned on the dark web,” he said. Director of Digital Governance, Jorge Mora.
“We are facing a situation of transnational organized crime that deserves a firm position. We are not willing to extort or pay a reward. We act to reassure the country and restore institutional services,” added the Minister of the Presidency, Geannina Dinarte.
Conti, according to a report by the United States Cybersecurity and Infrastructure Security Agency (CISA), is dedicated to “ransomware” attacks (extortion program), stealing files and documents from servers, and then demanding ransom.
Esteban Jiménez, a Costa Rican cybersecurity specialist, said that Conti has its developer domiciled in Russia and is “an adversary with a lot of capacity and financing.”
On Monday, the Ministry of Finance detected a subtraction of a terabyte of information from databases of the tax and customs systems, with details on taxpayers’ income and imports and exports, according to the head of the sector, Elián Villegas.
The situation caused the entity to disable digital services until it was guaranteed that there would be no more violations, which even temporarily stopped the entry and exit of containers, since they could not be registered.
Villegas did not specify how much is calculated in economic losses due to the inconveniences, but assured that the movements have already been reactivated because there is a contingency plan, which allows manual registration.
Subsequently, the Ministry of Science and Technology (Micitt) had a page on its website modified and the Costa Rican Social Security Fund (CCSS) had access to the Human Resources portal.
Information was also stolen from email servers of the National Meteorological Institute (IMN) and Costa Rican Radiographic Institute (Racsa).
According to CISA, Conti is linked to more than 1,000 cyberattacks around the world.
Mora assured that “everything is under control” and that the intention is to contain the attacks, which “we are going to continue receiving in this digital age.”
Meanwhile, Dinarte confirmed the offer of “friendly governments” to solve the situation, such as the United States, Israel and Spain, more advanced in cybersecurity.