Costa Rica suffered in the early hours of Tuesday a new computer attack, this time against the servers of the Costa Rican Social Security Fund (CCSS)although the authorities could not confirm the involvement of the Russian Conti group, to which they attributed previous cyberattacks.
The Caja’s executive president, Álvaro Ramos, described the attack as “violent“, although he clarified that the databases of the institution, in charge of public health and pensions, which had already been hacked previously, were not compromised.
“We believe that there are about 30, of the more than 1,500 servers that the Fund has, that are infected, but fortunately we have the vaccine,” Ramos said at a press conference.
“The institution reacted immediately and proceeded to shut down critical systems, even the not so critical ones,” he added.
However, the CCSS reported that the cyberattack will affect care in its hospital network.
The authorities confirmed that the extortion program “ransomware” was used in the attack, although it is unknown if its authors are the Russian group Conti, which the Costa Rican government links with the hacks that the country has suffered since April.
“We have to confirm which group sent this “ransomware” to the institution,” said the director of Information Technology and Communications of the Cash registerRobert White.
A few days after assuming power on May 8, President Rodrigo Chaves declared that Costa Rica was at “war” with hackers and declared a national state of emergency.
Former President Carlos Alvarado stated before leaving office that his government refused to pay the money demanded by the conti hackers not to publish the information obtained illegally.
According to a report by the US Cybersecurity and Infrastructure Security Agency (CISAfor its acronym in English), Conti engages in “ransomware” attacks by stealing files and documents from servers, then demanding a ransom.
According to the CISA, this Russian group is related to more than 1,000 cyberattacks in the world.
In total, some 27 Costa Rican public entities have suffered this type of interference in their databases so far this year. The most damaged institution was the Treasurywhose platforms are still out of service.
rrg