Share this article on:
The Costa Rican public health agency has had to shut down its systems this week to “protect itself” after another attempted hacking of the government agency’s computer system.
The latest hack on the Costa Rican government has impacted its health system, with at least 30 out of 1,500 servers that power Costa Rica's Social Security Fund infected with ransomware, according to the government. According to an AP report, the government agency shut down its systems in order "to protect itself", with the move complicating medical care for thousands of people.
This latest breach reportedly comes from another ransomware gang known as 'Hive'.
In a news conference, Álvaro Ramos, president of the Social Security Fund, explained that the quick shutdown of their systems prevented the cyber criminals from gaining control and encrypting their data as happened in the earlier attacks. Ramos emphasised that that no ransom had been demanded.
Following the news conference however, a portal the Hive uses to negotiate with its targets had set out ransom details.
"To decrypt your systems you have to pay $5,000,000 in bitcoin," Hive said.
According to Roberto Cervantes Barrantes, Social Security Fund's general manager, about 300 systems experts were working on the issue.
According to Health Ministry, the shut down caused by the Hive attack has impeded the Costa Rican government from updating its COVID-19 infection numbers amid a new wave of infections, which means the Health Ministry cannot not issue orders to those infected to isolate.
In April, the Costa Rican government was attacked by the Russian Conti gang, with that ransomware attacking multiple Costa Rican government agencies, including the finance ministry, which still has not recovered control of some of its systems.
Conti and Hive were separate ransomware operations, according to Brett Callow, a ransomware analyst at Emsisoft, however some analysts suspect the cyber threat gangs have established a 'working relationship.'
"At a minimum, it would seem that somebody who works with Conti is also working with Hive," Callow said.
"Conti likely partnered with other ransomware operations because it's been increasingly challenging for them to collect payments since declaring their support for Russia and threatening attacks on US critical infrastructure."
Costa Rican Social Security Fund officials are aiming for their systems to be back up in the coming days, confirming the South American country’s COVID-19 vaccination campaign will continue.
[Related: Albanese unveils Minister for Cyber Security]