WASHINGTON — A Russian hacking cartel has carried out an extraordinary cyberattack against the Costa Rican government, disrupting its tax collection and export systems for more than a month now, forcing the country to declare a state of emergency.
Russia-based ransomware gang Conti claimed responsibility for the attack, which began on April 12, and threatened to leak the stolen information if $20 million was not paid. Experts watching Conti’s moves said the group has recently begun to shift its focus from the US and Europe to countries in Central and South America, perhaps in retaliation against countries supporting Ukraine.
Some experts also believe that Conti feared US pressure and sought new targets independent of politics. According to estimates by the Federal Bureau of Investigation, the group is responsible for more than 1,000 ransomware attacks worldwide, generating more than $150 million in revenue.
“Ransomware cartels are less likely to blink when multinational companies in the US and Western Europe have to pay a godless sum to run their business,” said Juan Andres Guerrero-Saade, SentinelOne’s principal threat researcher. “But at some point, you’re going to empty that space.”
Whatever the reason for the change, the hack showed Conti was still acting aggressively despite speculation that the gang might disband after Russia was the target of a hacking operation in the early days of the Ukraine war. The criminal organization, which pledged support to Russia in the wake of the invasion, routinely targets businesses and local government agencies by infiltrating their systems, encrypting data and demanding ransom to restore it.
“This is probably the most significant ransomware attack to date,” said Brett Callow, a threat analyst at Emsisoft, about the Costa Rican hack.
“This is the first time I remember a ransomware attack that caused a national emergency to be declared,” he said.
Costa Rica said it refused to pay the ransom.
The hacking campaign took place after Costa Rica’s presidential election and quickly became a political cudgel. The previous administration downplayed the attack in its first official news releases, describing it as a technical problem and projecting stability and calm. But the newly elected president, Rodrigo Chaves, began his term by declaring a national emergency.
“We are at war,” Mr. Chaves said at a press conference on Monday. He said 27 government agencies were affected, nine of them important, by the ransomware attack.
According to Mr. Chaves’ administration, the attack began on April 12, when hackers who said they were affiliated with Conti broke into the Costa Rican Finance Ministry, which oversees the country’s tax system. The government said this month that the ransomware spread from there to other agencies that oversee technology and telecommunications.
Two former Treasury Department officials without the authority to speak publicly said hackers had access to taxpayer information, interrupting Costa Rica’s tax collection process, causing the agency to shut down some databases and a nearly 15-year-old system for storing revenue from the largest taxpayers. Most of the country’s tax revenues come from a relatively small pool of about a thousand large taxpayers, making it possible for Costa Rica to continue collecting taxes.
The country also relies on exports, and the cyber-attack forced customs officials to do their job only on paper. As the investigation and collection continues, taxpayers in Costa Rica are forced to submit their tax returns to financial institutions in person rather than relying on online services.
Mr. Chaves is a former World Bank official and finance minister who has pledged to shake up the political system. His government declared a state of emergency this month in response to the cyberattack, calling it “unprecedented in the country”.
“We are facing an inevitable situation of catastrophe, public calamity and internal and abnormal turmoil that cannot be controlled by the government without extraordinary measures,” Mr. Chaves’ administration said in an emergency statement.
The government said the state of emergency allowed institutions to act more quickly to rectify the violation. But a partial recovery could take months, and the government may never fully recover its data, cybersecurity researchers said. The government may have backups of some of its taxpayer information, but these backups will take some time to come online, and the government needs to make sure it removes Conti’s access to its systems first, the researchers said.
Paying the ransom does not guarantee recovery, as Conti and other ransomware groups are known to retain data even after receiving a payment.
“They’re looking at potentially total, permanent data loss unless they pay the ransom, have no intention of doing so, or have backups to enable them to recover their data,” said Mr. Callow.
When Costa Rica refused to pay the ransom, Conti began threatening to leak the data online, publishing some files it claimed contained stolen information.
“It is impossible to look at the decisions of the Costa Rican presidential administration without irony,” the group’s website said. “All of this could have been avoided by paying.”
On Saturday, Conti raised the stakes, threatening to delete the keys needed to restore the data if it did not receive payment within a week.
“In governments, intelligence agencies, and diplomatic circles, the debilitating part of the attack isn’t really ransomware. This is data theft,” said Mr. Guerrero-Saade from SentinelOne. “You’re probably in a position where incredibly sensitive information is in the hands of a third party.”
The breach, among other attacks by Conti, led the U.S. State Department to join with the Costa Rican government to offer a $10 million reward to anyone who provides information leading to the identification of key leaders of the hacking group.
“The group carried out a ransomware incident against the Costa Rican government that seriously affected the country’s foreign trade by disrupting customs and tax platforms,” State Department spokesman Ned Price said in a statement. “By presenting this award, the United States demonstrates its commitment to protecting potential ransomware victims around the world from being exploited by cybercriminals.”
Kate Conger reported from Washington and David Bolaños from San José, Costa Rica.