Costa Rica has suffered one of the worst cyberattacks in recent history. Two major ransomware attacks paralysed essential services of the country: more than 30,000 medical appointments had to be rescheduled, tax payments had to be rescheduled, and international trade ground to a halt. Costa Rica declared a national emergency; the first time a country has done so in response to a cyberattack. What happened?
- In early April, ransomware attacks started hitting the systems of the Ministry of Finance, apparently impacting several terabytes of data on more than 800 servers.
- Other government entities soon followed: The Ministry of Labour and Social Security, the Costa Rican Social Security Fund, and healthcare systems.
- But the attack also targeted private institutions, crippling import and export operations.
- The source of the attacks seems to be the notorious Russia-linked hacker group Conti. The group is famous for ruthlessly targeting healthcare organisations. But the attack on Costa Rica stands out.
- The hacker group called for the Costa Rican government to be overthrown during the attacks, making the attack a geo-politically motivated one, at least in part.
Why does this matter for businesses?
The large-scale attack on Costa Rica sets a precedent. The attacker’s behaviours are more disturbing than ever: they have entered politics.
The attackers wrote on their blog: “I appeal to every resident of Costa Rica, go to your government and organise rallies. We are determined to overthrow the government by means of a cyber attack”.
For private companies this might mean a new era of ransomware: a geopolitical era. This means they are more likely to be targeted not because of their intellectual property or their data, but for political reasons. Or, they simply are collateral damage in a geo-politically motivated attack, as was the case with the 2017 NotPetya attack that spilled over from Ukraine to infect companies globally.
