Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack

Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.

On Tuesday, Costa Rica’s Ministry of Public Works and Transport (MOPT) said in a statement that 12 of its servers were encrypted. Cybersecurity experts from the National Security Directorate and the Ministry of Science, Innovation, Technology and Telecommunications were called in to address the situation and all of MOPT’s computer systems were knocked offline. 

The government did not respond to requests for comment but released a follow-up statement on Wednesday saying international organizations were brought in for support.

Driving tests are still being conducted in person and while license issuance services were briefly disrupted, they are now being resumed. 

“Traffic Engineering and Public Works, navigation and maritime safety services, which were offered virtually, will be attended to in person until further notice,” the notice says. 

The MOPT warned citizens to watch out for scammers, noting that no one is being contacted by the ministry over email or phone to process any of its services.

Several other agencies either severed their connections to MOPT in an effort to contain the attack or said services were limited due to the attack. The ministry posted a similar message on Instagram. 

The country’s judiciary said it cut off its connection to MOPT, limiting the ability of the country’s traffic courts to function. 

“Until the link is enabled again, it will not be possible to download fines, tickets and other files,” the court system said on Twitter on Wednesday. 

“The measure is carried out as part of the protocol for this type of incident in order to ensure the technological infrastructure of the Judiciary.”

Hasta tanto no se habilite de nuevo el enlace, no se podrán descargar boletas de multas ni la creación automática de expedientes
La medida se realiza como parte del protocolo ante este tipo de incidentes con el fin de asegurar la infraestructura tecnológica del Poder Judicial.

— Poder Judicial CR (@PoderJudicialCR) January 18, 2023

The Road Safety Council posted its own message on Thursday, writing that their computer infrastructure is separate from MOPT and was not affected by the ransomware attack. 

Just six months ago, Costa Rica’s government drew national headlines after being attacked by hackers using the Conti ransomware. 

Dozens of its government agencies — including the Ministry of Finance — had their servers encrypted in an attack that took place right as Costa Rica’s new President Rodrigo Chaves was taking over. The hackers even brought down one Costa Rican town’s energy supplier.

Chaves declared a national state of emergency in May, marking the first time a national leader responded to a cyberattack the same way they might respond to a military attack or natural disaster. ​​

Conti hackers later doubled down: “We are determined to overthrow the government by means of a cyberattack,” they said. “We have already shown you all the strength and power.”

Hackers using the Hive ransomware then attacked the country’s health services — canceling schedules and erasing medical records.

The Costa Rican government refused to pay the $10 million ransom issued by Conti and brought in help from several cybersecurity companies as well as officials from the governments of the United States, Spain, and Israel. 

No ransomware group has taken credit for the latest attack.