The finance ministry was the first to be attacked. Between April 18 and May 2, according to a timeline shared by Mora, Conti tried to break into various government organizations. The Ministry of Labor and Social Security was one of the targets. In some cases, it worked, in others it didn't. The US, Spain, and private companies aided in the defense of the group. He says that it blocked a lot of people. The US posted a $10 million reward for information about the leader of the group.
On May 8, Chaves started his four-year term as president and immediately declared a "national emergency" due to the cyberattacks. The nine bodies that were very affected were targeted. The MICIT initially offered to answer questions about the progress of the recovery, but didn't do so.
The national institutions don't have enough resources. He says that he has seen organizations run on legacy software that makes it hard to provide services. Robles says that some bodies don't have a person working on cyber security. The attacks show that Latin American countries need to improve their cyber resilience, introduce laws to make cyberattack reporting mandatory, and allocate more resources to protect public institutions.
There was a hammer blow as Costa Rica began to gain control of the attacks. The first attack began on May 31. The Costa Rican Social Security Fund's systems were taken offline, plunging the country into a new kind of disarray. The HIVE was blamed for this time.
People were affected by the attack. Security journalist Brian Krebs reported that health care systems went offline. Patients have complained of delays in getting treatment and the CCSS has warned parents that they may have trouble locating their children. The health service is printing forms that are no longer in use.
According to local reports, 759 of the 1,500 server and 10,400 computers have been impacted. The hospital and emergency services are running normally thanks to the efforts of the staff, according to a spokesman forCCSS. More than 30,000 appointments have been changed as of June 6. The figure is 7 percent of the total number of appointments. Some facilities are facing some disruption.
There was the death of a person.
There are questions about whether the two attacks are related. They come at a time when the face of Ransomware may be changing. Russian-linked gangs have changed their tactics in order to avoid US sanctions.
After announcing its attack on the finance ministry, it published the names of its victims and the files it stole from them on its website. The "UNC" abbreviation is used by some security firms to indicate "uncategorized" attackers. The attacker demanded a large amount of money in order to get their attention. They started uploading files to the website when they didn't get paid.