London Daily

Focus on the big picture.
Thursday, Sep 18, 2025

Cyber attack causes chaos in Costa Rica government systems

Cyber attack causes chaos in Costa Rica government systems

Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refused to pay a ransom as it struggled to implement workarounds and braced itself as hackers began publishing stolen information.
The Russian-speaking Conti gang claimed responsibility for the attack, but the Costa Rican government had not confirmed its origin.

The Finance Ministry was the first to report problems Monday. A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency. Attacks on the social security agency’s human resources system and on the Labor Ministry, as well as others followed.

The initial attack forced the Finance Ministry to shut down for several hours the system responsible for the payment of a good part of the country’s public employees, which also handles government pension payments. It also has had to grant extensions for tax payments.

Conti had not published a specific ransom amount, but Costa Rica President Carlos Alvarado said, “The Costa Rican state will not pay anything to these cybercriminals.” A figure of $10 million circulated on social media platforms, but did not appear on Conti’s site.

Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them, while average citizens worried that personal financial information could be used to clean out their bank accounts.

Christian Rucavado, executive director of Costa Rica’s Exporters Chamber, said the attack on the customs agency had collapsed the country’s import and export logistics. He described a race against the clock for perishable items waiting in cold storage and said they still didn’t have an estimate for the economic losses. Trade was still moving, but much more slowly.

“Some borders have delays because they’re doing the process manually,” Rucavado said. “We have asked the government for various actions like expanding hours so they can attend to exports and imports.”

He said normally Costa Rica exports a daily average of $38 million in products.

Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies’ ability to function and posting stolen files to the group’s extortion sites on the dark web if a ransom wasn’t paid.

The first part can often be overcome if the systems have good backups, but the second is trickier depending on the sensitivity of the stolen data, he said.

Conti typically rents out its ransomware infrastructure to “affiliates” who pay for the service. The affiliate attacking Costa Rica could be anywhere in the world, Liska said.

A year ago, a Conti ransomware attack forced Ireland’s health system to shut down its information technology system, cancelling appointments, treatments and surgeries.

Last month, Conti pledged its services in support of Russia’s invasion of Ukraine. The move angered cybercriminals sympathetic to Ukraine. It also prompted a security researcher who had long been surveilling Conti to leak a massive trove of internal communications among some Conti operators.

Asked why Central America’s most stable democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska said the motivation usually has more to do with weaknesses. “They’re looking for specific vulnerabilities,” he said. “So the most likely explanation is that Costa Rica had a number of vulnerabilities and one of the ransomware actors discovered these vulnerabilities and was able to exploit it.”

Brett Callow, a ransomware analyst at Emsisoft, said he looked at one of the leaked files from the Costa Rican finance ministry and “there doesn’t seem to be much doubt that the data is legit.”

On Friday, Conti’s extortion site indicated it had published 50% of the stolen data. It said it included more than 850 gigabytes of material from Finance Ministry and other institutions’ databases. “This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetizing this data,” it said.

That seemed to contradict Alvarado’s assertion that the attack was not about money.

“My opinion is that this attack is not a money issue, but rather looks to threaten the country’s stability in a transition point,” he said, referring to his outgoing administration and the swearing in of Costa Rica’s new president May 8. “They will not achieve it.”

Alvarado did allude to the possibility that the attack was motivated by Costa Rica’s public rejection of Russia’s invasion of Ukraine. “You also can’t separate it from the complex global geopolitical situation in a digitalized world,” he said.
Newsletter

Related Articles

0:00
0:00
Close
US Tech Giants Pledge Billions to UK AI Infrastructure Following Starmer's Call
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
DeepMind and OpenAI Achieve Gold at ‘Coding Olympics’ in AI Milestone
SEC Allows Public Companies to Block Investors from Class-Action Lawsuits
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Federal Reserve Cuts Rates by Quarter Point and Signals More to Come
Effective and Impressive Generation Z Protest: Images from the Riots in Nepal
European manufacturers against ban on polluting cars: "The industry may collapse"
Sam Altman sells the 'Wedding Estate' in Hawaii for 49 million dollars
Trump: Cancel quarterly company reports and settle for reporting once every six months
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
US Launches New Pilot Program to Accelerate eVTOL Air Taxi Deployment
Christian Brueckner Released from German Prison after Serving Unrelated Sentence
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Hong Kong Industry Group Calls for HK$20 Billion Support Fund to Ease Property Market Stress
Joe Biden’s Post-Presidency Speaking Fees Face Weak Demand amid Corporate Reluctance
Charlie Kirk's murder will break the left's hateful cancel tactics
Kash Patel erupts at ‘buffoon’ Sen. Adam Schiff over Russiagate: ‘You are the biggest fraud’
Homeland Security says Emmy speech ‘fanning the flames of hatred’ after Einbinder’s ‘F— ICE’ remark
Charlie Kirk’s Alleged Assassin Tyler Robinson Faces Death Penalty as Charges Formally Announced
Actor, director, environmentalist Robert Redford dies at 89
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
JD Vance Says There Is “No Unity” with Those Who Celebrate Charlie Kirk’s Killing, and he is right!
Trump sues the 'New York Times' for an astronomical sum of 15 billion dollars
Florida Hospital Welcomes Its Largest-Ever Baby: Annan, Nearly Fourteen Pounds at Birth
U.S. and Britain Poised to Finalize Over $10 Billion in High-Tech, Nuclear and Defense Deals During Trump State Visit
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
Tens of Thousands of Young Chinese Get Up Every Morning and Go to Work Where They Do Nothing
×