
Second ransomware group attacks Costa Rica

June 1, 2022


Costa Rica has been hit by a ransomware attack from a second ransomware group, this time targeting its health service.

The Costa Rican Social Security Fund (CCSS) confirmed yesterday that it had suffered an attack in the early morning, although it said its databases containing payroll and pensions information had not been affected.


The CCSS said it was carrying out an analysis to try to restore critical services, but it was not possible to determine when they would be running again. As a precautionary measure, it has also taken all of its devices offline.

A notice from the CCSS stated that several internal programs were down. Only employees working from home would be able to access Office 365, and it urged staff not to connect to its network through a VPN until it had new information on the attack.

CCSS suffered a hack in the early hours of this Tuesday. The hack took place in the early morning hours of this Tuesday, May 31. The corresponding analyses are being carried out. The Edus, Sicere, payroll and pensions databases were not compromised.

— CCSSdeCostaRica (@CCSSdeCostaRica) May 31, 2022

Public workers in the health service also said on Twitter that their printers began printing pages of ASCII-based text by themselves before the attack had been reported.

The attack appears to have been carried out by the Hive ransomware group, according to journalist Brian Krebs, who has seen the ransom note.

This photograph shows a sign hung outside a community health center in Costa Rica 🇨🇷 explaining to the people that all systems are down until further notice after a new wave of cyberattacks has impacted the National Health Care Systems @briankrebs pic.twitter.com/NqW23L9QVV

— Esteban Jiménez Ciberseguridad (@Xyb3rb3nd3r) May 31, 2022

This is a different group from Conti, which had been targeting the country previously. The Conti ransomware attack forced the country to declare a state of emergency at the start of May after it emerged that it had affected 27 government institutions. The ransomware group also threatened to overthrow the Costa Rican government after demanding that it pay $10 million in ransom.

However, the Conti ransomware group is slowly shutting down, according to a report from Bleeping Computer. Infrastructure is being taken offline and group leaders have been told that the brand is no more.

Why did Conti attack Costa Rica?

Research from Advintel showed that former Conti members may have migrated to Hive, shedding Conti’s name and image.

The researchers found that Conti carried out the attack on Costa Rica for publicity instead of ransom, and that it was organised by the group as it started restructuring itself. Conti was very vocal about the attack, constantly adding new political statements, which helped bring the group into the spotlight while serious restructuring was taking place.

“The only purpose Conti had wanted to fulfil with this last attack was to use the system as a source of publicity, accomplishing their own demise and subsequent rebirth in the most plausible way it could have been conceived,” said Advintel.

This is what the printers started printing all by themselves, in the middle of the night; nobody understood what was happening until we were told over the PA system to turn off all the computers #HackeoCCSS pic.twitter.com/V9TkwykxhW

— Derecho a la felicidad!!! (@Gerdex) May 31, 2022

Conti has been planning the rebranding for several months. It has adopted a different structure, shaped as a coalition of several new subdivisions. Some of these are independent while others exist within another ransomware collective. They are all united, however, by internal loyalty to each other and to the Conti leadership, said the research.

The network includes two distinct types of group. The first type consists of fully autonomous groups that focus on stealing data, such as Karakurt, BlackBasta, and BlackByte.

The second type is semi-autonomous, acting as Conti-loyal collective affiliates within other collectives. This includes AlphV/BlackCat, Hive, HelloKitty/FiveHands, and AvosLocker.




Some parts of this article are sourced from:
www.itpro.co.uk
