Welcome to ITS! Learn more about our strategic partnership with Digital Seattle!

What We Can Learn from Conti's Ransomware Attack on Costa Rica


In mid-April, Costa Rica was hit with a major ransomware attack that virtually ground its international trade to a halt. The attack targeted the country's Ministry of Finance or Ministerio de Hacienda, which affected export and import services for weeks. Disrupting businesses across the country and abroad.  

Then, just as government officials started to get a grip on the attack, they were hit with another. That one aimed at the country's social services agency, plunging the nation's health care system into disarray. That caused over 30,000 medical appointments to be rescheduled and caused massive disruption to Costa Rican health institutions. 

In the middle of the mayhem was the notorious Russia-linked ransomware collective, Conti. The cybercriminals claimed responsibility for the first attack, while Hive, another group linked to the gang, declared ownership of the second one. 

The attacks have created chaos as government officials scrambled to respond to the crisis. The group even threatened to overthrow the Costa Rican government at one point. Both incidents have caused millions of losses and forced affected organizations to turn to pen and paper just to keep functioning. 

Costa Rica has since declared a national emergency to curb the siege's impact. However, they have yet to answer how they will solve the crisis. 

It's a complicated situation that was compounded by the fact that the affected organizations were ill-prepared to handle cyber-attacks. It was a costly lesson on the importance of taking preventive measures like cybersecurity. Thankfully, it's one that you can learn from without suffering the consequences. 

At ITS, we are dedicated to helping organizations prevent the same outcome from happening to them. In this article, we'll dive into the lessons your organization can learn from Conti's ransomware siege on Costa Rica so you can do just that. 

What You Can Learn from Conti and Hive's Ransomware Attacks on Costa Rica 

If there is a silver lining to any cyber-attack, it has to be that you can learn lessons from it. In the case of Costa Rica's current situation, it's an expensive one they aren't likely to forget any time soon. Fortunately, you don't have to suffer the same fate to learn the same things. Take a look at some of the key takeaways you can glean from the attack: 

Insider Threats May Have Played a Part in the Attack 

Insider ThreatsIn one of Conti's messages, the group claimed that they have collaborators inside the Costa Rican government. They also threatened that they were working together to gain access to other systems. 

While you should always take anything coming from cyber criminals with a grain of salt, it's not entirely farfetched. Some cyber gangs today are making billions of dollars. That's more than enough to bribe their way into some of the most sensitive computer systems. 

In an article from the Verge, Jon Miller, CEO and co-founder of anti-ransomware software platform Halcyon, said that "We're at the point now where these ransomware groups make billions of dollars, so their ability to get access to these [networks] is only limited by their own desire." 

The Lesson: 

You can only do so much to protect against malicious insiders. However, there are ways to safeguard your technology so you can deter or detect their actions. Using security information and event management (SIEM) paired with other monitoring tools can help you keep tabs on suspicious behavior in your network. It can also aid with your investigation should a breach happen. In addition, managing who gets access to what can help contain an attack. 

Having these tools and processes in place and disseminating them across your team can help deter insiders with bad intentions. Especially if they know harmful actions can be traced back to them. 

Healthcare and Government Agencies Remain Prime Targets 

Healthcare and GovernmentIt's not a coincidence that Conti and Hive targeted Costa Rica's government and healthcare sectors. Both industries remain the most sought after by cybercriminals. That's because disruption in either one can have massive consequences that affect a lot of people. It makes it easier for attackers to add pressure and get that payout. In the case of Costa Rica, it halted international trade and shut down health centers across the country. 

The affected government agencies needed to deploy more countermeasures to deal with an attack successfully. However, it wouldn't be right to say that they didn't do anything to prevent one from happening either. They did. They successfully blocked over four million hacking attempts, according to Jorge Mora, the country's director of digital governance. But still, they fell short. High-risk sectors require more stringent security measures. 

The Lesson: 

If you are serving either sector, you can't do the bare minimum. You need to go the extra mile to protect your data. Double down on your cyber defenses, make sure you have several backups and test them regularly and make sure your team knows what to do when an attack occurs. 

Ransomware Attacks are Escalating 

Ransomware Attacks are EscalatingAccording to cybersecurity experts, the attack on Costa Rica stands out because of its sheer scale. In a Wired article, Emsisoft threat analyst Brett Callow said, "I can't recall another occasion when an entire federal government has been held to ransom like this—it's a first; it's quite unprecedented." That brings to light an unnerving question: is this going to be the next era of ransomware attacks? 

While cybercrime collectives might not routinely target national governments, the attack on Costa Rica could leave a lasting legacy. Conti and Hive proved that you could hold a country for ransom. 

The Lesson: 

Large-scale attacks like the one in Costa Rica are bound to happen again. Fail to prepare, and you prepare to fail. Conduct a security assessment on your network. Check on your existing security systems, test them and find out where you can improve. Seek out vulnerabilities that are commonly overlooked, and patch them up. In addition, try to adopt an assume-breach mindset. Assume that an intruder is already inside your network and try your best to find them. 

Ready to Apply These Lessons Against Ransomware Attacks? 

Conti and Hive's siege of Costa Rica was an unprecedented attack that pushed the country into a state of national emergency. It ground international trade to a halt and significantly disrupted the healthcare system. Thankfully, the attack also brings to light some useful lessons that you can glean and apply to your own environment. Things like keeping an eye on insider threats and why you need to prepare for large-scale ransomware attacks. 

At ITS, we help businesses make smart decisions with their technology by providing useful information that makes sense to you. Learn more about how you can prevent falling victim to ransomware attacks. Check out our article entitled: 6 Ways to Prevent Ransomware Attacks. 

4 Tips to Protect Your Small Business from Ransomware