WASHINGTON — Teachers can’t collect their salaries. Customs and tax payments are paralyzed. Physicians cannot access their patients’ records or monitor the spread of COVID-19. The problems facing Costa Rica are so many that its president has declared war on foreign hackers and says they want to bring down his government.

For two months Costa Rica has been the target of hackers who demand “ransoms” to unlock access to personal systems and files, a scheme known as ransomware, and who have disrupted life in this Central American nation.

The situation raises questions about the extent to which the United States should help friendly nations protect themselves from cyberattacks by Russian criminal gangs, which are now targeting less-developed nations in a way that could have far-reaching global repercussions.

“Today it is Costa Rica. Tomorrow it could be the Panama Canal,” said Belisario Contreras, former director of the cybersecurity program at the Organization of American States.

Last year, cybercriminals launched ransomware attacks in the United States that forced an oil pipeline to shut down, disrupted production at the world’s largest meat processor and caused problems for a major software firm with thousands of customers all over the world.

The Joe Biden administration responded with a series of measures that included law reforms and intelligence initiatives to combat ransomware gangs. Since then, those gangs have distanced themselves from America’s “big fish” and focused on targets unlikely to elicit such forceful responses.

“They’re still prolific, making huge amounts of profit, but they’re not in the newspapers every day anymore,” Eleanor Fairford, deputy director of the UK’s National Cyber Security Center, said at a recent US ransomware conference.

Tracking down ransomware attacks, in which gangs encrypt victims’ information and ask for money to decrypt it, isn’t easy.
The NCC Group, a British cybersecurity firm that monitors ransomware attacks, says there have been more such attacks per month this year than in 2021. It noted that the CLOP organization, which specializes in ransomware attacks on schools and health centers, resumed its activities after suspending operations for several months.

However, the director of cybersecurity at the US National Security Agency, Rob Joyce, said publicly that ransomware attacks have decreased since Russia invaded Ukraine, because more precautions are being taken to prevent them and because of international sanctions, which make life difficult for gangs operating from Russia, especially when it comes to transferring money.

A gang known as Conti launched the first attack against a Costa Rican government entity in April, demanding a $20 million ransom, prompting new President Rodrigo Chaves to declare a state of emergency after tax collection, customs, utilities and other services were halted.

“We are at war and that is not an exaggeration,” Chaves said.

Later, a second attack, attributed to a group known as Hive, disabled the public health service and other systems. Medical prescriptions cannot be issued online and some workers have not received their salaries for weeks.

This caused enormous upheaval for people like Álvaro Fallas, a 33-year-old religious education teacher.

“I live with my parents and a brother, who depend on me,” he said.

In Peru, Conti attacked the intelligence services of that nation. Its darkweb extortion portal publishes documents purportedly stolen from those services, such as one listed as “secret” detailing efforts to eradicate coca plantations.

Experts believe that developing nations like Costa Rica and Peru are attractive targets. They have digitized their economies and their systems, but they do not have sophisticated defenses against cyberattacks.

A stable country

Costa Rica has been a stabilizing force in a conflict-ridden region.
It has a strong democratic tradition and government services function well.

Paul Rosenzweig, who was a senior official of the US National Security Service and is now a consultant on cyber issues, with legal residence in Costa Rica, said that the country emerges as proof of the commitment that the US government has to its friends and allies who fall victim to ransomware attacks. He noted that while an attack on another country may not directly affect US interests, it is in Washington’s interest to limit the ways in which hackers can disrupt the global economy with their ransomware attacks.

“Costa Rica is a perfect example because it is the first,” said Rosenzweig. “There has never been a sustained attack on a government.”

The Biden government has not said much publicly about the situation in Costa Rica. The United States provided some technical assistance through its Cybersecurity and Infrastructure Security Agency, through a program that shares information with other countries. The State Department, for its part, offered a reward for the arrest of members of Conti.

Eric Goldstein, deputy executive director of the government cybersecurity agency CISA, said that Costa Rica has an emergency response team that already had a strong relationship with US services before these incidents. But the United States is expanding its international presence with its first overseas attache, in the United Kingdom. And it plans to appoint more attaches elsewhere.

“If we look at our role, that of CISA and the US government, it is to protect US organizations. But we know intuitively that the same gangs are exploiting the same vulnerabilities to target victims all over the world,” Goldstein said.

Conti is one of the most prolific ransomware gangs in operation. It has attacked more than 1,000 targets and received more than $150 million in ransoms in the last two years, according to the FBI.
As the invasion of Ukraine began, some Conti members pledged on the group’s darkweb portal to “use all our possible resources to hit critical infrastructure of an enemy” if Russia was attacked. Shortly after, conversations that appeared to belong to the gang were leaked through the networks, some of which could show ties between the gang and the Russian government.

Some experts say that Conti could be reconfiguring itself and that the attack on Costa Rica could be a publicity stunt to make people think that the organization is disappearing. Ransomware groups that generate a lot of attention often disappear, but their members start operating under another name.

Conti denied on the darkweb that this is the case and continues to post files on its victims. Among its most recent targets is a food distributor in Chile.