Krebs on Security recently released a post discussing Costa Rica’s involvement in the Conti ransomware group’s larger plans for the future. Last week, Costa Rica’s national health service was hacked by a Russian ransomware group referred to as Hive, just weeks after the country entered a state of emergency in response to a ransomware attack perpetrated by the Conti group. Cybersecurity experts assert that the two groups may actually be the same group, or at the very least working together. Hive may be helping Conti rebrand and evade international sanctions that target payouts to Russia-based cybercriminals.
According to local sources, many small health centers located in rural areas have been forced to close due to a lack of equipment and communication, and to the blockage of the National Retirement Fund. The Hive ransomware was reportedly deployed on at least 30 of 1,500 government servers. It is unclear how long it will take the health service to recover from the attack. The Conti and Hive ransomware attacks mark an increase in attention directed towards Latin America. In April, Conti announced it had hacked Peru’s National Directorate of Intelligence and threatened to publish data. Although security researchers believe that the recent attack may have been a publicity tool for Conti, or an attempt to look like it is still in operation, it had significant implications for the entities targeted.
Read More: Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions