New ransomware attack disrupts Costa Rica’s public health system

ransomware Health center in Heredia, Costa Rica. Photo: Klishex/Shutterstock
Health center in Heredia, Costa Rica. Photo: Klishex/Shutterstock

Less than a month after President Rodrigo Chaves declared a state of emergency due to ransomware attacks against Costa Rican government servers, a new wave of hacks forced San José to shut down its Costa Rican Social Security Fund, commonly known as CCSS.

The public health and pension agency reported that at least 800 of its over 1,500 servers were targeted by the latest ransomware attacks. Preventive measures, however, saved servers from having sensitive personal data encrypted, said CCSS head Álvaro Ramos. 

The organization added that it has over 300 experts working on the issue, as payroll schedules and pension payments were not affected this time. Unlike what happened during April and May, when Costa Rica was targeted by its worst-ever hacking attack, the new wave of cybercrimes seemed to be conducted by a ransomware gang known as “Hive.”

Previously, the raids were spearheaded by Russian-backed group Conti. Recently, Conti increased its requested ransom and stepped up threats against the Costa Rican government, promising to end Mr. Chaves’ administration. The group was later reportedly dismantled after U.S. enforcement. 

This time, Hive demands a USD 5 million ransom in Bitcoin to decrypt the stolen data. But once again, San José denies holding any negotiations with what the president called a “criminal group.” The CCSS said servers will be back up and running soon and that the Covid vaccination campaign will not be affected by the standstill.