Another alleged theft of a Costa Rican government firm’s computer network prompted the state’s national health authority to close down its servers on Tuesday to safeguard itself, delaying medical care for citizens.
As per the authorities, ransomware affected at least 30 of the National Insurance Administration’s 1,500 computers.
The new hack comes after a botched effort in April by the Russian-speaking Conti group. Several Costa Rican government entities were targeted by the cyberattack, including the ministry of finance, that has yet to restore order of some of its networks.
Another ransomware group known as “Hive” claimed to be behind the attack this time.
According to Brett Callow, a ransomware researcher from Emsisoft, Conti and Hive were two different ransomware campaigns. However, some observers believe they have recently created some type of working partnership.
“At the very least, it appears as whoever works with Conti is also dealing with Hive,” Callow added. “Conti likely teamed up with other ransomware organizations because collecting payments has become increasingly more difficult for them after professing support for Russia and threatening assaults on important infrastructure in the United States.”
In a news conference on Monday, Alvaro Ramos, the director of the Social Security Administration, said that the prompt suspension of their networks prevented cyber thieves from acquiring control and encrypting their data, as done in previous attacks. There had been no request for a ransom, he claimed.
However, a portal used by Hive to communicate with its targets seemed to indicate otherwise later Tuesday.
Hive’s letter stated, “To unlock your computers, you must pay $5,000,000 in Bitcoin.”
According to Roberto Cervantes, general manager of the Social Security Administration, payroll and retirement were unaffected. He went on to say that 300 system professionals were working on the problem.
Tuesday, however, was a perplexing disaster for Costa Ricans who rely on the public healthcare system.
When former publicist Roger González arrived for a planned doctor’s appointment in San Jose on Tuesday, he discovered that all services were down and that everything is being recorded on paper.
“The very first thing the guard informed us was that there was no network and that we should wait for the specialist because she would take care of us with the real (medical) file rather than the internet since they don’t want the virus to spread,” he explained.
González was also advised that he would be unable to fill his medicines in the health center’s pharmacy for the next two days, and that an electrocardiogram scheduled for Tuesday would be postponed until the facilities were restored.
As per the Health Ministry, the outage also prevented the government from revising its COVID-19 infection counts in the midst of a new wave of infections. It also meant that the Health Ministry couldn’t require afflicted people to separate themselves.
Officials at the Social Security Administration said their systems would’ve been back up in the following days, and that the country’s COVID-19 vaccine program would proceed in the meantime.