Costa Rica still suffering from weeks of Cyber Attacks

Costa Rica has been the victim of a sustained ransomware attack over the last two months, leaving much of the infrastructure crippled. There is speculation that a previous administration may have been at fault for exposing weaknesses in the IT security. SEC, NFA and FINRA all have cyber security guidelines and it’s worth reviewing your approach in light of the ever changing and intensifying threat.

Costa Rica has been suffering from a cyber-attack since April 2022, where 27 government institutions were hit. The attacks have stopped operational and payment processes with a devastating impact on foreign trade and tax collection. The country is not able to perform automatic payment services, such as government employees’ salaries, collect taxes payments and custom services.

The hackers responsible for the attack, a Russian group named Conti, demanded $10 million in April and the price increased to $15 million after the Costa Rican government declined to pay. The country estimates a loss of $30 million per day, according to the Costa Rica congresswoman Gloria Navas.

President Carlos Alvarado, who declared a national emergency on May 8th, says the full extent of the damage is not yet known. The Conti hacking group has posted more than 600 gigabytes of government data online, including taxpayers’ information, and is threatening to publish more, according to the BBC. The group is also threating to delete the decryption keys needed to restore the government’s computer system

There is still some speculation around the reason for the attack. The president has accused the previous administration of being at fault, as an IT report was created listing all the flaws and cyber weakness of the government infrastructure.

Of course, cyber attacks are not limited to small governments in Central America. They are becoming more common across states, countries, utilities and industry, including, of course financial services.

What is a Ransomware attack?

Ransomware is a type of malware, or malicious software, that locks up a victim’s data or computing device and threatens to keep it locked unless the victim pays the attacker a ransom.

The ransomware attack starts with an infection of the network that will map the location of important data. Information is saved in an encrypted folder and deleted from its original location. The cyber attacker will get in contact requesting a payment (usually in cryptocurrency) to return the data.  There is no guarantee the data will be delivered.

Preventing and preparing for a cyber attack

Every firm should have arrangements in place to protect them against cyber attacks. These should include a cybersecurity policy that includes actions in case of attack, training of that cyber security policy, penetration tests, patching, phishing email tests with employees, and constant review and update.

Employees should be guided to always report suspicious emails to the IT department, and, in a case where an employee suspects they may have allowed malware into the company network, they should inform the Chief Technology Officer (or channel indicated in the internal policies) immediately.

Additional steps advised or required by other government bodies are:

  1. Establish a point of contact with your local FBI (US)  (
  2. You are required to report a cyber attack through SAR (Suspicious Activity Report) at the FinCen website.
  3. Business Continuity Plan should include a data backup plan, including an external hard drive.
  4. Policies and procedures should also be kept updated in a hard copy, in case the attack does not allow the company to reach out the digital versions.
  5. Limit personal device usage, applications installed on the device, increase browser security section, disable vulnerable browser plugins (e.g. Adobe Flash), use web filtering to prevent users from visiting malicious sites, disable macros on word processing and other vulnerable application. Limit website access and restrict more risky websites (e.g. Social Media, web email).

Additional cybersecurity guidance:

We can help

Bovill can help you review your policies and procedures to confirm they comply with your regulatory framework. In addition, cyber security should be frequently reviewed using a risk-based approach as part of the annual compliance program review and during the Business Continuity Plan testing.

Want more insights like this?

Join our mailing list