Costa Rica says it will not pay a ransom to a cybercriminal gang that has infected its government’s computer systems with ransomware.
The disruption of multiple systems was first reported a week ago by the country’s Finance Ministry. An attack on the ministry impacted several processes, including tax collection, the payment of public employees, and the importation and exportation of goods through Costa Rica’s customs agency.
Further attacks were waged against Costa Rica’s Labor Ministry, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute (IMN), the Radiográfica Costarricense (RACSA), and a human resources portal belonging to the country’s Social Security agency, Caja Costarricense de Seguro Social.
Head of MICITT, Paola Vega Castillo, said that while the contents of his ministry’s web page had been modified, no evidence had been found to suggest that any data belonging to the ministry had been extracted.
Speaking at a press conference on Wednesday, Castillo said that a “process of extracting email archives” had been detected in the attacks on RACSA and IMN.
Russian-speaking ransomware group Conti claimed responsibility for the attacks, but neither the identity nor the geographical location of the perpetrators has been confirmed by the Costa Rican government.
Conti claims to have gained access to about 800 servers belonging to the government and has reportedly demanded a ransom payment of $10m. The gang claims to have stolen 1TB of data in the attack, including 900GB of databases from a tax administration portal and 100GB of internal documents containing personal information which belong to the Ministry of Finance.
Costa Rica President Carlos Alvarado said: “The Costa Rican state will not pay anything to these cyber-criminals.”
Minister of the Presidency Geannina Dinarte Romero said that Israel, Spain, the United States, Microsoft, and GBM had offered to help Costa Rica regain control of its computer systems.
You can also read this: North Korea Funding Nuclear Program with Cyber Activity