Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Costa Rica Public Health System Targeted by Ransomware

Another attempted hacking of a Costa Rican government agency’s computer system led the country’s public health agency to shut down its systems Tuesday to protect itself, complicating the medical care of thousands of people.

Another attempted hacking of a Costa Rican government agency’s computer system led the country’s public health agency to shut down its systems Tuesday to protect itself, complicating the medical care of thousands of people.

At least 30 of the Social Security agency’s 1,500 servers were infected with ransomware, according to the government.

The latest breach follows an attack by the Russian-speaking Conti gang in April. That ransomware attack targeted multiple Costa Rican government agencies, especially its finance ministry, which still has not recovered control of some of its systems.

This time the attack appeared to come from another ransomware gang known as “Hive.”

Conti and Hive were separate ransomware operations, said Brett Callow, a ransomware analyst at Emsisoft. Some analysts more recently, however, suspect they have established some sort of working relationship.

“At a minimum, it would seem that somebody who works with Conti is also working with Hive,” Callow said. “Conti likely partnered with other ransomware operations because it’s been increasingly challenging for them to collect payments since declaring their support for Russia and threatening attacks on U.S. critical infrastructure.”

Álvaro Ramos, president of the Social Security agency, said in a news conference Tuesday that the quick shutdown of their systems prevented the cyber criminals from gaining control and encrypting their data as happened in the earlier attacks. He said that no ransom had been demanded.

Later Tuesday, however, a portal Hive uses to negotiate with its targets appeared to indicate otherwise.

“To decrypt your systems you have to pay $5,000,000 in Bitcoin,” Hive’s message said.

Payroll and pension were not affected, according to the Social Security agency’s general manager Roberto Cervantes. He added that some 300 systems experts were working on the issue.

But for Costa Ricans who depend on the public health system, Tuesday was a confusing mess.

Roger González, a retired publicist in San Jose, said that when he arrived for a scheduled medical appointment Tuesday he found that all systems were down and everything was being written on paper.

“The first thing the guard told us was that there was no system, to wait for the doctor because she would attend to us with the physical (medical) file, not with the computer, because they do not want to turn them on allowing the virus to spread,” he said.

González said he was also told he would not be able to fill his prescriptions in the health center’s pharmacy for the next two days and that an electrocardiogram that he was supposed to schedule Tuesday would be put off until systems were back up.

The shut down was also keeping the government from updating its COVID-19 infection numbers amid a new wave of infections, according to Health Ministry. It also meant the Health Ministry could not issue orders to those infected to isolate.

Social Security agency officials said they expected their systems to be back up in the coming days and that meanwhile the country’s COVID-19 vaccination campaign would continue.

RelatedRansomware Gang Threatens to Overthrow Costa Rica Government

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.