Conti ransomware attack was aimed at destabilizing government transition, Costa Rican president says

Several systems operated by the government of Costa Rica were hit with a ransomware attack this week, according to the country’s president Carlos Alvarado Quesada.

The Conti ransomware group added systems connected to several government agencies to its list of victims on Tuesday and Wednesday. Government officials confirmed Conti’s involvement. 

Quesada said the attack was meant to “threaten the stability of the country in a transition situation.” The country elected a new president – former World Bank official Rodrigo Chaves – on April 4. 

Quesada released a video addressing the ransomware attack on Thursday, telling the public that the country will not pay the ransom, which some have said is $10 million.

“It is not just an attack on the institutions affected, the government or importers and exporters. It is a criminal cyberattack on the state and the entire country. It cannot be separated from the complex global geopolitical situation in a digitalized world,” he said. 

“There are several institutions that have been attacked, the most notable being the Ministry of Finance. Pension payments have already been deposited and social assistance, such as the Let's Advance program, will start tomorrow as is scheduled. The same will be done next week with the public forms as well work is being done to standardize import and export processes.” 

Quesada said the country was receiving support and assistance from private sector companies as well as the US, Israel and others. 

Finance Minister Elian Villegas told Reuters that the group breached the platforms managing customs, which included troves of historical taxpayer information considered "sensitive." 

One exporter union estimated that $200 million was lost on Wednesday due to the bottlenecks caused by a fourth day of outages related to the disruption of the tax and customs platforms. 

The Finance Ministry warned the country’s residents to be wary of phishing messages asking to create a new set of passwords.

Business leaders told the Associated Press that they were fearful of financial and personal information being stolen, leaked to the press or sent to government officials. 

The outgoing president signed a directive on Thursday that made it mandatory for all government bodies to report security incidents to the country’s Computer Security Incident Response Center. The directive also orders all agencies to patch systems, change passwords, disable unnecessary ports and monitor network infrastructure. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.