Another attempted hacking of a Costa Rican government agency’s computer system led the country’s public health agency to shut down its systems Tuesday to protect itself, complicating the medical care of thousands of people.
At least 30 of the Social Security agency’s 1,500 servers were infected with ransomware, according to the government.
The latest breach follows an attack by the Russian-speaking Conti gang in April. That ransomware attack targeted multiple Costa Rican government agencies, especially its finance ministry, which still has not recovered control of some of its systems.
This time the attack appeared to come from another ransomware gang known as “Hive.”
Conti and Hive were separate ransomware operations, said Brett Callow, a ransomware analyst at Emsisoft. Some analysts more recently, however, suspect they have established some sort of working relationship.
“At a minimum, it would seem that somebody who works with Conti is also working with Hive,” Callow said. “Conti likely partnered with other ransomware operations because it’s been increasingly challenging for them to collect payments since declaring their support for Russia and threatening attacks on U.S. critical infrastructure.”
Álvaro Ramos, president of the Social Security agency, said in a news conference Tuesday that the quick shutdown of their systems prevented the cyber criminals from gaining control and encrypting their data as happened in the earlier attacks. He said that no ransom had been demanded.
Later Tuesday, however, a portal Hive uses to negotiate with its targets appeared to indicate otherwise.
“To decrypt your systems you have to pay $5,000,000 in Bitcoin,” Hive’s message said.
Payroll and pension were not affected, according to the Social Security agency’s general manager Roberto Cervantes. He added that some 300 systems experts were working on the issue.
But for Costa Ricans who depend on the public health system, Tuesday was a confusing mess.
Roger González, a retired publicist in San Jose, said that when he arrived for a scheduled medical appointment Tuesday he found that all systems were down and everything was being written on paper.
“The first thing the guard told us was that there was no system, to wait for the doctor because she would attend to us with the physical (medical) file, not with the computer, because they do not want to turn them on allowing the virus to spread,” he said.
González said he was also told he would not be able to fill his prescriptions in the health center’s pharmacy for the next two days and that an electrocardiogram that he was supposed to schedule Tuesday would be put off until systems were back up.
The shut down was also keeping the government from updating its COVID-19 infection numbers amid a new wave of infections, according to Health Ministry. It also meant the Health Ministry could not issue orders to those infected to isolate.
Social Security agency officials said they expected their systems to be back up in the coming days and that meanwhile the country’s COVID-19 vaccination campaign would continue.
Related: Ransomware Gang Threatens to Overthrow Costa Rica Government
