Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack

Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.

On Tuesday, Costa Rica’s Ministry of Public Works and Transport (MOPT) said in a statement that 12 of its servers were encrypted. Cybersecurity experts from the National Security Directorate and the Ministry of Science, Innovation, Technology and Telecommunications were called in to address the situation and all of MOPT’s computer systems were knocked offline. 

The government did not respond to requests for comment but released a follow-up statement on Wednesday saying international organizations were brought in for support.

Driving tests are still being conducted in person and while license issuance services were briefly disrupted, they are now being resumed. 

“Traffic Engineering and Public Works, navigation and maritime safety services, which were offered virtually, will be attended to in person until further notice,” the notice says. 

The MOPT warned citizens to watch out for scammers, noting that no one is being contacted by the ministry over email or phone to process any of its services.


Several other agencies either severed their connections to MOPT in an effort to contain the attack or said services were limited due to the attack. The ministry posted a similar message on Instagram

The country’s judiciary said it cut off its connection to MOPT, limiting the ability of the country’s traffic courts to function. 

“Until the link is enabled again, it will not be possible to download fines, tickets and other files,” the court system said on Twitter on Wednesday. 

“The measure is carried out as part of the protocol for this type of incident in order to ensure the technological infrastructure of the Judiciary.”

The Road Safety Council posted its own message on Thursday, writing that their computer infrastructure is separate from MOPT and was not affected by the ransomware attack. 

Just six months ago, Costa Rica’s government drew national headlines after being attacked by hackers using the Conti ransomware

Dozens of its government agencies — including the Ministry of Finance — had their servers encrypted in an attack that took place right as Costa Rica’s new President Rodrigo Chaves was taking over. The hackers even brought down one Costa Rican town’s energy supplier.

Chaves declared a national state of emergency in May, marking the first time a national leader responded to a cyberattack the same way they might respond to a military attack or natural disaster. ​​

Conti hackers later doubled down: “We are determined to overthrow the government by means of a cyberattack,” they said. “We have already shown you all the strength and power.”

Hackers using the Hive ransomware then attacked the country’s health services — canceling schedules and erasing medical records.

The Costa Rican government refused to pay the $10 million ransom issued by Conti and brought in help from several cybersecurity companies as well as officials from the governments of the United States, Spain, and Israel. 

No ransomware group has taken credit for the latest attack.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.