Costa Rica has been hit by a ransomware attack from a second ransomware group, this time targeting its health service.
The Costa Rican Social Security Fund (CCSS) confirmed yesterday that it had suffered an attack in the early morning, although it said its databases containing information on payroll and pensions had not been affected.
The CCSS said it was carrying out an analysis to try to restore critical services, but it was not possible to determine when they would be running again. As a precautionary measure, it has also taken all of its systems offline.
A notice from the CCSS stated that several internal systems were down. Only staff working from home would be able to access Office 365, and it urged staff not to connect to its network through a VPN until it had new information on the attack.
CCSS suffered a hack in the early hours of this Tuesday. The hack took place in the early morning hours of this Tuesday, May 31. The corresponding analyses are being carried out. The Edus, Sicere, payroll and pensions databases were not compromised.
— CCSSdeCostaRica (@CCSSdeCostaRica) May 31, 2022
Public workers in the health service also said on Twitter that their printers began printing pages of ASCII-based text by themselves before the attack had been reported.
The attack appears to have been carried out by the Hive ransomware group, according to journalist Brian Krebs, who has seen the ransom note.
This photo shows a sign hung outside a public health center in Costa Rica 🇨🇷 explaining to the people that all systems are down until further notice after a new wave of cyberattacks has impacted the National Healthcare Systems @briankrebs pic.twitter.com/NqW23L9QVV
— Esteban Jiménez Ciberseguridad (@Xyb3rb3nd3r) May 31, 2022
This is a different group from Conti, which had been targeting the country previously. The Conti ransomware attack forced the country to declare a state of emergency at the start of May after it emerged that it had impacted 27 government institutions. The ransomware group also threatened to overthrow the Costa Rican government after demanding that it pay $10 million in ransom.
However, the Conti ransomware group is slowly shutting down, according to a report from Bleeping Computer. Infrastructure is being taken offline and group leaders have been told that the brand is no more.
Why did Conti attack Costa Rica?
Research from Advintel showed that former Conti members may have migrated to Hive, shedding Conti's name and image.
The researchers found that Conti carried out the attack on Costa Rica for publicity instead of ransom, and that it was organised by the group as it began restructuring itself. It was very vocal about the attack, constantly adding new political statements, and it helped bring the group into the spotlight while the real restructuring was taking place.
“The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived,” said Advintel.
This is what the printers started printing by themselves, in the middle of the night; nobody understood what was happening until we were told over the loudspeaker to turn off all the computers #HackeoCCSS pic.twitter.com/V9TkwykxhW
— Derecho a la felicidad!!! (@Gerdex) May 31, 2022
Conti has been planning the rebranding for several months. It has adopted a different structure, shaped as a coalition of several new subdivisions. Some of these are independent while others exist within another ransomware collective. They are all united, however, by internal loyalty to each other and the Conti leadership, said the research.
The network includes two distinct types of group. The first is fully autonomous groups that focus on stealing data, such as Karakurt, BlackBasta, and BlackByte.
The second type is semi-autonomous, acting as Conti-loyal collective affiliates within other collectives. This includes AlphV/BlackCat, Hive, HelloKitty/FiveHands, and AvosLocker.