Costa Rica has declared a state of emergency after ransomware hackers crippled computer networks across multiple government agencies, including the Ministry of Finance.
The official declaration, published to a government website Wednesday, called the attack “unprecedented in the country” and said that it interrupted the country’s tax collection and exposed citizens’ personal information.
The hackers initially broke into the country’s Ministry of Finance on April 12, it said. They were able to spread to other agencies, including the Ministry of Science, Technology and Telecommunications and National Meteorological Institute.
Leon Weinstok, the director of the law firm BLP’s Costa Rica office, who specializes in cybersecurity law, said that the attack had severely impacted the country’s ability to function.
“The government has been really really affected. It is impossible to quantify the losses at this time,” Weinstok said.
Ransomware hackers encrypt victims’ computer networks and demand payment that they say will unlock them, though that process doesn’t always work. Costa Rica never considered paying the fine, as it goes against national laws to participate in such negotiations, Weinstok said.
Costa Rica’s president, Rodrigo Robles, just took office Sunday. The emergency declaration gives him the authority to hire external cybersecurity experts without waiting for permission from the country’s legislative assembly, Weinstok said.
Conti, one of the most destructive active ransomware gangs, is responsible for the attack. Ransomware groups often also try to extort victims by threatening to publish stolen data, and Conti published a large cache of documents, allegedly from Costa Rican government sites, to its dark web site Sunday.
Conti is perhaps most infamous for hacking and severely disrupting Ireland’s national health care system last year. While membership in ransomware gangs is often fluid, the gang is largely made up of Russian and eastern European hackers. It declared its allegiance to Russia when the country invaded Ukraine in February, said Brett Callow, a ransomware analyst at the cybersecurity firm Emsisoft.
On Friday, the U.S. State Department offered a $10 million reward for helping bring Conti hackers to justice and said the group was responsible for the Costa Rica hack.
Source: | This article originally belongs to Nbcnews.com
