2022 Costa Rican ransomware attack

[3][4][5] As a consequence, the government had to shut down the computer systems used to declare taxes and for the control and management of imports and exports, causing losses to the productive sector on the order of US$30 million per day.

[10][11] On May 8, 2022, the new president of Costa Rica, Rodrigo Chaves Robles, decreed a state of national emergency due to cyber attacks, considering them an act of terrorism.

[18] Conti Group is a criminal organization dedicated to carrying out ransomware attacks, stealing files and documents from servers and then demanding a ransom.

Its modus operandi is to infect computers with the Conti malware, which operates with up to 32 individual logical threads, making it much faster than most viruses of its kind.

In April 2021, a member of the Conti Group claimed that an anonymous journalist took a 5% cut of ransomware payments for pressuring victims to pay.

[20] During the 2022 Russian invasion of Ukraine, the Conti Group announced its support for Russia and threatened to implement "retaliatory measures" if cyber-attacks were launched against the country.

Undercover Tampa, Florida Field Office agents acquired full access and acted as a subsidiary in the Hive network undetected for seven months, while gathering evidence and secretly generating decryption keys for victims to recover their data.

In January 2023, the United States Department of Justice announced that it had dismantled Hive by seizing the group's servers, in coordination with Germany and the Netherlands.

In the last few hours, the exposure of some of the data belonging to the General Directorate of Customs has been detected, which is carrying out the information investigation processes, as established in the response plan.

The data identified so far are of a historical nature and are used by the National Customs Service as inputs and support.

Hours after the Treasury statement, the microsite of the Ministry of Science, Innovation, Technology and Telecommunications suffered a defacement with a message reading, "We greet you from Conti, look for us on your network."[40][41][42]

Jorge Mora Flores, director of Digital Governance of Costa Rica, indicated that as a result of the attack, and because the affected server hosts other pages, the decision was made to turn it off while checks were carried out to determine to what extent security was breached.

[47] In the afternoon, the Government called a press conference at the Presidential House where it argued that the situation was under control, and that in addition to the Treasury, MICITT and the IMN, Radiografía Costarricense S.A. (RACSA), a state internet service provider, had been attacked through an internal email server breach.

[48][49] In the meantime, the Costa Rican Social Security Fund reported having suffered a cyber attack on its human resources site, which was being combated.

[52] The Minister of the Presidency, Geannina Dinarte Romero, indicated that this was a case of international organized crime and that the Government of Costa Rica would not pay any ransom.

[53] She also announced that they were receiving technical assistance from the governments of the United States, Israel and Spain, as well as from Microsoft, which operated the servers of the Ministry of Finance.

[66] On April 29, the government reported a hacking attempt against the Ministry of Economy, Industry and Commerce[67] and, a day later, against the National Liquor Factory and the municipalities of Turrialba and Golfito.

[71] On May 4, MICITT reported hacking attempts against the National Education Loan Commission and one more against the Cartago University College (CUC), although the latter was not Conti's responsibility.

[77] The president of the CCSS, Álvaro Ramos Chaves, affirmed that databases with sensitive information were not compromised but noted that at least thirty servers (of the more than 1,500 that the institution has) were contaminated with ransomware.

[82] On June 1, during a press conference at the Presidential Palace, the executive president of the CCSS, Álvaro Ramos Chaves, announced the opening of an administrative investigation against the agency's Information Technology Department for the hack, to determine if there was negligence.

President Chaves Robles noted that fewer than 15 CCSS computers had the microCLAUDIA system donated by Spain installed after the Conti attacks.

[83] Ramos Chaves also revealed that the effects of the attack were 27 times greater than what was reported on the first day: more than 800 servers and 9,000 end-user computers were affected, making it impossible to restore all systems within a week as initially planned.

Likewise, it announced that self-employed and voluntary insured workers would not be able to pay their monthly installments due to the impossibility of making the corresponding invoice.

[87] Likewise, 163 health establishments of the CCSS set up telephone lines for the population to answer questions regarding the continuity of services and the status of their medical appointments.

[88] On April 22, the then president-elect of Costa Rica, Rodrigo Chaves Robles, announced his intention to declare a national state of emergency once he assumed power due to the cyberattacks against the country's public sector.

[91] On May 16, President Chaves affirmed that the country was in a state of war due to Conti's hacks and denounced that there were nationals helping the "terrorist group" that the previous weekend had threatened to overthrow the newly elected government.

[93] On May 21, due to new protests, the unions negotiated with the government, which promised to pay the amounts owed and subsequently recover any sums overpaid to the workers.

[95] On May 30, the government announced that the MEP and the Finance Ministry had paid more than ₡6 billion colones as an extraordinary payroll corresponding to 25,618 movements pending cancellation due to the hack.
