clearn.png
Thursday August 11th, 2022 11:38PM

Costa Rica chaos a warning that ransomware threat remains

By The Associated Press
Related Articles
  Contact Editor

WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country’s president declaring war against foreign hackers saying they want to overthrow the government.

For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in the Central American nation. It's a situation raising questions about the United States' role in protecting friendly nations from cyberattacks when Russian-based criminal gangs are targeting less developed countries in ways that could have major global repercussions.

“Today it’s Costa Rica. Tomorrow it could be the Panama Canal,” said Belisario Contreras, former manager of the cybersecurity program at the Organization of American States, referring to a major Central American shipping lane that carries a large amount of U.S. import and export traffic.

Last year, cybercriminals launched ransomware attacks in the U.S. that forced the shutdown of an oil pipeline that supplies the East Coast, halted production of the world’s largest meat-processing company and compromised a major software company that has thousands of customers around the world.

The Biden administration responded with a whole of government action that included included diplomatic, law enforcement and intelligence efforts designed to put pressure on ransomware operators.

Since then, ransomware gangs have shied away from “big-game” targets in the U.S. in pursuit of victims unlikely to provoke a strong response by the U.S.

“They’re still prolific, they’re making enormous amounts of money, but they’re just not in the news everyday,” Eleanor Fairford, a deputy director at the UK’s National Cyber Security Centre, said at a recent U.S. conference on ransomware.

Tracking trends of ransomware attacks, in which criminals encrypt victims' data and demand payment to return them to normal, is difficult. NCC Group, a UK cybersecurity firm that tracks ransomware attacks, said the number of ransomware incidents per month so far this year has been higher than it was in 2021. The company noted that the ransomware group CL0P, which has aggressively targeted schools and health care organizations, returned to work after effectively shutting down for several months.

But Rob Joyce, the director of cybersecurity at the National Security Agency, has said publicly that there's been a decrease in the number of ransomware attacks since Russia's invasion of Ukraine thanks to increased heightened concerns of cyberattacks and new sanctions that make it harder for Russian-based criminals to move money.

The ransomware gang known as Conti launched the first attack against the Costa Rican government in April and has demanded a $20 million payout, prompting the newly installed President Chaves Robles to declare a state of emergency as the tax and customs offices, utilities and other services were taken offline. “We’re at war and this is not an exaggeration,” he said.

Later, a second attack, attributed to a group known as Hive knocked out the public health service and other systems. Information about individual prescriptions are offline and some workers have gone weeks without their paycheck. It’s caused significant hardship for people like 33-year-old teacher Alvaro Fallas.

“I live with my parents and brother and they are depending on me,” he said.

In Peru, Conti has also attacked the country’s intelligence agency. The gang’s darkweb extortion site posts purportedly stolen documents with the agency’s information, like one document market “secret” that details coca-eradication efforts.

Experts believe developing countries like Costa Rica and Peru will remain particularly ripe targets. These countries have invested in digitizing their economy and systems but don’t have as sophisticated defenses as wealthier nations .

Costa Rica has been a longtime stable force in a region often known for upheaval. It has a long established democratic tradition and well-run government services.

Paul Rosenzweig, a former top DHS official and cyber consultant who is now a legal resident of Costa Rica, said the country presents a test case for what exactly the U.S. government owes its friendly and allied governments who fall victim to disruptive ransomware attacks. While an attack on a foreign country may not have any direct impact on U.S. interests, the federal government still has a strong interest in limiting the ways in which ransomware criminals can disrupt the global digital economy, he said.

“Costa Rica is a perfectly good example because it’s the first,” Rosenzweig said. “Nobody has seen a government under assault before.”

So far, the Biden administration has said little publicly about the situation in Costa Rica. The U.S. has provided some technical assistance through its Cybersecurity and Infrastructure Security Agency, via an information-sharing program with nations around the world. And the State Department has offered a reward for the arrest of members of Conti.

Eric Goldstein, the executive assistant director for cybersecurity at CISA, said Costa Rica has a computer emergency response team that had an established relationship with counterparts in the U.S. before the incidents. But his agency is expanding its international presence by establishing its first overseas attache position in the U.K. It plans others in as-yet unspecified locations.

“If we think about our role, CISA and the US government, it is intrinsically of course to protect American organizations. But we know intuitively that the same threat actors are using the same vulnerabilities to target victims around the world," he said.

Conti is one of the more prolific ransomware gangs currently operation and has hit over 1,000 targets and received more than $150 million in payouts in the last two years, per FBI estimates.

At the start of invasion of Ukraine, some of Conti’s members pledged on the group’s dark web site to “use all our possible resources to strike back at the critical infrastructures of an enemy” if Russia was attacked. Shortly afterward, sensitive chat logs that appear to belong to the gang were leaked online, some of which appeared to show ties between the gang and the Russian government.

Some cyber threat researchers say Conti may be in the middle of a rebranding, and its attack on Costa Rica may be a publicity stunt to provide a plausible story for the group’s demise. Ransomware groups that receive lots of media attention often disappear, only for its members to pop back up later operating under a new name.

On its darkweb site, Conti has denied that’s the case and continues to post victims’ files. The gang’s most recent targets include a city parks department in Illinois, a manufacturing company in Oklahoma and food distributor in Chile.

___

AP writer Javier Córdoba contributed from San Jose, Costa Rica.

  • Associated Categories: Associated Press (AP), AP National News, AP Online National News, Top General short headlines, AP Online Headlines - Washington, AP World News, AP Business, AP Business - Corporate News, AP Business - Industries, AP Business - Utilities, AP Technology News
© Copyright 2022 AccessWDUN.com
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed without permission.
Yellowstone Park gateway towns fret about tourism future
After the severe flooding, business owners in some of the gateway towns leading to Yellowstone National Park are trying to figure out how they’ll make ends meet without a steady stream of tourists
12:34AM ( 22 minutes ago )
Takeaways from AP interview: Biden on inflation, US psyche
President Joe Biden sat down with The Associated Press to discuss the state of the economy, his concerns about the national mood, and his commitment to standing up to Russia’s aggression in Ukraine
12:31AM ( 25 minutes ago )
Costa Rica chaos a warning that ransomware threat remains
Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in the Central American nation for the last two months
12:26AM ( 31 minutes ago )
Associated Press (AP)
GOP, Dem Senate bargainers divided over gun deal details
Democratic and Republican senators are at odds over how to keep firearms from dangerous people
10:57PM ( 2 hours ago )
AP Interview: Biden says a recession is 'not inevitable'
President Joe Biden says the American people are “really, really down” after a tumultuous two years with the coronavirus pandemic, volatility in the economy and now surging gasoline prices that are hitting family budgets
9:39PM ( 3 hours ago )
Panel sharpens focus on Trump's 'crazy' Jan. 6 plan
The Jan. 6 committee has plunged deeper into Donald Trump’s last-ditch effort to overturn the 2020 election
9:13PM ( 3 hours ago )
AP Online Headlines - Washington
Police: Amazon fisherman confesses to killing missing men
Brazilian authorities say a fisherman confessed to killing a British journalist and an Indigenous expert in Brazil’s remote Amazon region and took police to a site where human remains were recovered
9:17PM ( 3 hours ago )
EXPLAINER: Why Rwanda and Congo are sliding toward war again
The threat of war with neighboring Congo is simmering under the tidy surface of Rwanda’s capital as the East African nation hosts the British prime minister and other world leaders next week for the Commonwealth summit
8:28PM ( 4 hours ago )
Israel praises Argentina grounding plane with Iranian crew
Israel is praising Argentina for holding a Venezuelan plane that included Iranian crew, saying the flight shows Tehran is trying to expand its influence in South America
8:16PM ( 4 hours ago )
AP World News
Police: 2 dead, 1 hurt in church shooting; suspect detained
Police say a lone suspect fired on a small group meeting at a church near one of Alabama’s major cities, fatally wounding two people and injuring a third victim
11:55PM ( 1 hour ago )
Excitement and disappointment as World Cup 2026 cities named
Cheers and sighs met FIFA’s announcement of the host cities for the 2026 World Cup
11:46PM ( 1 hour ago )
Asian stocks follow Wall St lower on economy fears
Asian stock markets are mostly lower after Wall Street fell on fears interest rate hikes will depress global economic activity
11:43PM ( 1 hour ago )
AP Business
Floodwaters from Yellowstone surge through eastern Montana
Montana’s largest city has restarted its water plant after shutting it down amid record flooding that’s caused widespread damage in Yellowstone National Park and surrounding communities
3:55PM ( 9 hours ago )
Production at bedeviled baby formula factory halted by storm
Severe weather has forced Abbott Nutrition to pause production at a Michigan baby formula factory that had just restarted
1:09PM ( 11 hours ago )
Revlon, beauty icon in crowded market, files for bankruptcy
Revlon, a cosmetics maker that broke racial barriers and dictated beauty trends for much of the last century, is filing for Chapter 11 bankruptcy protection
11:50AM ( 13 hours ago )
AP Business - Corporate News
Wall Street tumbles on fears for economy as more rates rise
Wall Street tumbled Thursday as worries roared back to the fore that the world’s fragile economy may buckle under higher interest rates
5:32PM ( 7 hours ago )
Wall Street stumbles 3.3% as fears of a recession grow
Stocks slumped again on Wall Street Thursday, erasing another 3.3% from the S&P 500 and bringing the index 23.6% below the peak it reached in January
4:19PM ( 8 hours ago )
Stocks tumble on economy fears after briefest of reprieves
Markets worldwide are back to tumbling on Thursday as worries about a fragile economy roar back to the fore
3:10PM ( 9 hours ago )
AP Business - Industries
Residents improvise as Texas city rushes to turn water on
Residents of the West Texas city of Odessa have been improvising emergency water supplies after a water system outage left them high and dry for days amid scorching heat, even as utility crews scrambled to restore normal service
6:06AM ( 18 hours ago )
World shares mostly lower as US rate hike relief rally fades
Global shares are mostly lower after the Federal Reserve raised its key interest rate by three-quarters of a point and signaled more rate hikes were coming to fight inflation
5:52AM ( 19 hours ago )
Asia shares mixed after Fed assurance on rates lifts Wall St
Asian shares are mixed after the Federal Reserve raised its key interest rate by three-quarters of a point and signaled more rate hikes were coming to fight inflation
2:32AM ( 22 hours ago )
AP Business - Utilities
Kentucky court delves into use of cell phones for tracking
The Kentucky's Supreme Court has issued a sharply divided ruling against the warrantless use of cell phones as tracking devices by police
4:26PM ( 8 hours ago )
VP Harris launches task force on online harassment, abuse
Vice President Kamala Harris is launching a task force dedicated to fighting online harassment and abuse
2:48PM ( 10 hours ago )
EU beefs up disinformation code amid Russia fake news fears
The European Union is beefing up its code of practice on disinformation by enlisting more tech companies and adding measures to prevent online purveyors of fake news from profiting
8:42AM ( 16 hours ago )
AP Technology News
Yellowstone Park gateway towns fret about tourism future
After the severe flooding, business owners in some of the gateway towns leading to Yellowstone National Park are trying to figure out how they’ll make ends meet without a steady stream of tourists
12:34AM ( 22 minutes ago )
Takeaways from AP interview: Biden on inflation, US psyche
President Joe Biden sat down with The Associated Press to discuss the state of the economy, his concerns about the national mood, and his commitment to standing up to Russia’s aggression in Ukraine
12:31AM ( 25 minutes ago )
Australia's new prime minister considers visit to Ukraine
Australia’s new Prime Minister Anthony Albanese says he will take advice on whether to accept President Volodymyr Zelenskyy's invitation to visit Ukraine during an upcoming European trip
12:21AM ( 36 minutes ago )
FIFA picks 2026 World Cup cities, predicts US `No 1 sport'
Atlanta, Houston, Miami, Philadelphia and Seattle and Kansas City, Missouri, were the newcomers among the 11 U.S. sites picked to host games at the 2026 World Cup, while Baltimore, Cincinnati, Denver, Nashville, Tennessee, and Orlando, Florida, were left out
12:06AM ( 51 minutes ago )
Police: 2 dead, 1 hurt in church shooting; suspect detained
Police say a lone suspect fired on a small group meeting at a church near one of Alabama’s major cities, fatally wounding two people and injuring a third victim
11:55PM ( 1 hour ago )