Costa Rica chaos a warning ransomware threat remains
WASHINGTON (AP) — Teachers unable to get paychecks. Tax and customs systems paralyzed. Health officials unable to access medical records or track the spread of COVID-19. A country's president declaring war against foreign hackers saying they want to overthrow the government.
For two months now, Costa Rica has been reeling from unprecedented ransomware attacks disrupting everyday life in the Central American nation. It's a situation raising questions about the United States' role in protecting friendly nations from cyberattacks when Russianbased criminal gangs are targeting less developed countries in ways that could have major global repercussions.
"Today it's Costa Rica. Tomorrow it could be the Panama Canal," said Belisario Contreras, former manager of the cybersecurity program at the Organization of American States, referring to a major Central American shipping lane that carries a large amount of U.S. import and export traffic.
Last year, cybercriminals launched ransomware attacks in the U.S. that forced the shutdown of an oil pipeline that supplies the East Coast, halted production of the world's largest meat-processing company and compromised a major software company that has thousands of customers around the world.
The Biden administration responded with a whole of government action that included included diplomatic, law enforcement and intelligence efforts designed to put pressure on ransomware operators.
Since then, ransomware gangs have shied away from "big-game" targets in the U.S. in pursuit of victims unlikely to provoke a strong response by the U.S.
"They're still prolific, they're making enormous amounts of money, but they're just not in the news everyday," Eleanor Fairford, a deputy director at the UK's National Cyber Security Centre, said at a recent U.S. conference on ransomware.
Tracking trends of ransomware attacks, in which criminals encrypt victims' data and demand payment to return them to normal, is difficult. NCC Group, a UK cybersecurity firm that tracks ransomware attacks, said the number of ransomware incidents per month so far this year has been higher than it was in 2021. The company noted that the ransomware group CL0P, which has aggressively targeted schools and health care organizations, returned to work after effectively shutting down for several months.