The international criminal organization Conti, based in Russia, which specializes in extracting sensitive data from government agencies and attacking public platforms, is said to be behind the cyber-attacks suffered by the governments of Costa Rica and Peru, which have put both countries on high alert.
In the case of Costa Rica, a severe ransomware attack occurred last April. It reportedly affected mainly the Ministry of Finance, with the theft of 1TB of internal data, and forced the government to disable several computer services, such as customs, tax, and other financial systems. Other affected entities include the Administrative Board of the Electric Service of the province of Cartago (Jasec); the Ministry of Science, Innovation, Technology, and Telecommunications; the Ministry of Labor and Social Security; the National Meteorological Institute (IMN); Radiográfica Costarricense (Racsa); the Costa Rican Social Security Fund (CCSS); the Development and Family Allowances Fund (Fodesaf); and the Inter-University Headquarters of Alajuela (Siua).
This led the government of the recently inaugurated President Rodrigo Chaves to declare a state of National Emergency on May 8, since the government had neither decision-making power nor control over the hacked government entities.
Conti announced on its dark web blog that it had hacked 800 servers of the Costa Rican Ministry of Finance, demanding a payment of US$ 10 million to return the stolen files.
The Chaves government refused to negotiate with the group. The US government then intervened, offering a reward of up to US$ 15 million to anyone who provided information to identify members of the group. While Conti initially set the price for stopping the cyberattacks at US$ 10 million, the organization doubled it after Costa Rica's cooperation with the US and the reward the US offered.
In addition to the breach of national security and private information, another problem caused by this cyber-attack is economic. The Chamber of Foreign Trade stated that the outage of the Customs systems had generated losses of more than US$ 200 million. Another example of how the attack has affected Costa Rica, as it has spread progressively, is the theft of information from the Administrative Board of the Cartago Electricity Service (JASEC), which has paralyzed the system that manages the electricity supply of about 160 thousand people in the city, located southeast of the capital, San José.
This is causing panic throughout the country, as companies and individuals fear that more confidential information will be published and used against them.
It recently became known that Peru was also attacked by Conti, and the situation there is as complicated as in Costa Rica. The hackers uploaded files to their dark web site as evidence that they hold valuable information, claiming to have access to critical infrastructure, including the water and electricity networks. The first attack was on the General Intelligence Directorate (Digimin) of the Ministry of the Interior.
In Argentina, Conti tried to break into the servers of the municipalities of Santa Barbara, Heredia, Buenos Aires, and Puntarenas. However, they did not manage to hijack information or affect local government services.
The threat is latent in Latin America, whose governments will have to be vigilant and reinforce their cybersecurity measures to prevent cyber attacks.
Who are the Conti group?
– Conti is one of the largest ransomware gangs in the world.
– They are based in Russia, were first detected in 2019, and were one of the most active cybercriminal groups in 2021.
– Among the largest cyber attacks carried out was the one that impacted Ireland’s healthcare system in 2021 and led to the disruption of its operations.
– It also attacked 22 other U.S. healthcare institutions, as well as the manufacturing, food, financial, banking, technology, and construction sectors.
– Last February, the Conti group vowed to attack enemies of the Kremlin if they responded to Russia’s invasion of Ukraine.
– Among the main initial access vectors used by Conti are phishing emails, RDP services exposed to the Internet, and exploitation of vulnerabilities.
– This type of malware encrypts information and demands a ransom in exchange for its recovery.