Ransomware, Threat Management

Conti ransomware claims attack on Costa Rica

Share

Costa Rican government computer systems have been disrupted in a ransomware attack, which was claimed by the Conti ransomware gang, according to The Associated Press. Issues related to the attack were first reported by the country's Finance Ministry on Monday, which noted that the intrusion has compromised its tax collection, importation, and exportation systems, prompting shutdowns as well as the granting of tax payment extensions. Conti has already leaked 50% of the data it has stolen, including over 850GB from the Finance Ministry. The Social Security Agency's human resources system and the Labor Ministry, as well as other agencies also reported attacks afterward. Despite challenges in implementing workarounds, the Costa Rican government insisted that it will not pay the demanded ransom, which was said to be $10 million based on figures circulated across social media platforms. "The Costa Rican state will not pay anything to these cybercriminals," said Costa Rica President Carlos Alvarado. Recorded Future Intelligence Analyst Allan Liska said that Costa Rica may have had vulnerabilities that Conti may have discovered.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems

Attacks with Wolfsbane commence with the deployment of the 'cron' dropper delivering the KDE desktop component-spoofing launcher, which deactivates SELinux and alters user configuration files before triggering the privacy malware component that has file operation, data theft, and system manipulation command support, an analysis from ESET revealed.

ONNX phishing-as-a-service operation disrupted

Organizations in the financial services sector have been primarily targeted by the ONNX, whose Telegram-based operations had been cut off following a court order that allowed Microsoft to transfer the PhaaS platform's infrastructure to its servers, according to Microsoft Digital Crimes Unit Assistant General Counsel Steven Masada.

Ransomware attacks primarily caused by poor cyber hygiene

Aside from primarily leveraging basic usernames for their accounts, organizations impacted by ransomware intrusions from July to September — including those in the government and healthcare industries — also mostly failed to implement multi-factor authentication that could have deterred brute-force attacks.

Related Events

Related Terms

BackdoorBotnetBrute ForceCorruptionCovert ChannelsDeauthentication AttackDeepfakeDefacementDictionary AttackDistributed Scans

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.