Paradise Under Siege

It is early Sunday morning at Costa Rica’s Ministry of Finance. The on-duty IT staff are probably going through routine equipment inventory tasks. In just over two weeks, the outgoing president, Carlos Alvarado, will hand over power to his successor, Rodrigo Chaves, a transition that will likely bring changes in the institution’s leadership.


Once the shift ends, just a few minutes from now, the on-duty staff will be able to go home and enjoy Easter Sunday with their families.

They are unaware that something is unfolding behind the scenes.

At a certain moment, one of the operators notices that the files he had been working on for days can no longer be opened.

He restarts the machine. Same result, or worse: the system now appears to be speaking another language, and nothing responds.

He calls a colleague on a higher floor and explains the situation. To his shock, the colleague is experiencing the same issue. It can’t be a coincidence. What is going on? Unless… this is not an error, but the result of something much larger.

On Sunday, April 17, 2022, the cybercrime syndicate CONTI launched a massive cyberattack against Costa Rica’s government digital infrastructure, spreading ransomware across state institutions for weeks and encrypting the data and systems it reached.

Its first victim was the Ministry of Finance, causing immediate paralysis of critical government functions, including payroll for public employees and tax processing.

The entire nation was affected. The motive? Unknown.

After a ransomware attack, the only file that still opens is the ransom note.

It contains the attackers’ instructions: a description of what happened, who they are, and how to pay for those who wish to recover their encrypted data.
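The two artifacts the paragraph above describes, a note dropped into directory after directory and a mass of files that suddenly share one unfamiliar extension, are also what a responder looks for first when triaging a file share. The following is an added example, not code from the article or from any tool used in the Costa Rica response: a generic tree-walk heuristic that reports both patterns. The note file names, the list of "known" extensions and the sample directory tree it builds are all assumptions constructed for illustration; they are not indicators tied to CONTI, Hive or any other group, and in a real incident this kind of check would be driven from endpoint telemetry rather than a walk after the fact.

```python
"""Added example (not from the article): a small, generic post-incident triage
helper that walks a directory tree and reports the two artifacts a ransomware
run leaves behind: a ransom note present in many directories, and a large share
of files carrying one unfamiliar extension. Note names, extension lists and the
sample tree are assumptions for illustration, not real indicators."""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed note file names; real names vary per ransomware family.
NOTE_NAMES = {"readme.txt", "how_to_recover.txt", "restore_files.txt"}
# Extensions a normal document share would be expected to contain (assumption).
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".txt", ".csv", ".jpg"}


def triage(root, note_names=NOTE_NAMES, known_ext=KNOWN_EXT,
           min_dirs=3, min_ratio=0.5):
    """Return a list of human-readable findings for the tree under `root`.

    A finding is raised when (a) the same note file name appears in at least
    `min_dirs` directories, or (b) at least `min_ratio` of all non-note files
    share one extension that is not in `known_ext`.
    """
    note_dirs = Counter()   # note name -> number of directories containing it
    ext_counts = Counter()  # extension -> number of files
    total = 0
    for _dirpath, _dirs, files in os.walk(Path(root)):
        for name in files:
            lowered = name.lower()
            if lowered in note_names:
                # A file name is unique within its directory, so one hit per directory.
                note_dirs[lowered] += 1
                continue
            total += 1
            ext_counts[Path(lowered).suffix] += 1

    findings = []
    for name, n in note_dirs.items():
        if n >= min_dirs:
            findings.append(f"ransom note '{name}' present in {n} directories")
    for ext, n in ext_counts.items():
        if ext and ext not in known_ext and total and n / total >= min_ratio:
            findings.append(f"{n}/{total} files carry unfamiliar extension '{ext}'")
    return findings


def build_sample_tree(encrypted=True):
    """Constructed sample data: a small share with four departments and one
    public folder. With encrypted=True every department file gets a '.locked'
    suffix and a note is dropped beside it; otherwise the share is clean."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    for dept in ("payroll", "tax", "hr", "audit"):
        d = root / dept
        d.mkdir()
        for i in range(5):
            fname = f"report{i}.xlsx" + (".locked" if encrypted else "")
            (d / fname).write_bytes(b"\x00" * 16)
        if encrypted:
            (d / "readme.txt").write_text("Your files have been encrypted.\n")
    (root / "public").mkdir()
    (root / "public" / "notice.pdf").write_bytes(b"%PDF-1.4\n")
    return root


if __name__ == "__main__":
    for label, tree in (("encrypted share", build_sample_tree(True)),
                        ("clean share", build_sample_tree(False))):
        print(f"{label}:")
        for line in triage(tree) or ["no findings"]:
            print("  " + line)
```

The thresholds are deliberately loose: a single department keeping its own `readme.txt` should not trip the note check, and a share that legitimately holds mostly `.bak` files would need `KNOWN_EXT` widened rather than the ratio tightened.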

The ransom demand: 10 million dollars, later raised to 20 million.

President Alvarado refused to pay.

CONTI’s response was swift. One after another, government entities were struck: the Ministry of Science and Technology, the National Meteorological Institute, the Radiographic Institute, the Ministry of Labor, the Social Development Fund, the Social Security Administration, and other agencies, falling like dominoes.

The objective was clear: create a nationwide digital blackout.

“Hello, we are CONTI, and you can find us inside your networks,” was the message displayed on the government’s own hacked website.

But why? What motivated the largest criminal syndicate of the time to attack a nation with no international conflicts?

Whatever the motive, it likely was not just economic: there are wealthier nations, involved in far larger geopolitical tensions, that would be much more attractive targets. There had to be something else.

Recovery efforts continued.

But worse was yet to come. The apex predator was waiting.

In the cybercrime world there is a sort of criminal code: victims can be of any type except certain protected categories, such as hospitals, public schools, nonprofit organizations and NGOs.

If attackers discover they are affecting an organization in these categories, the attack is supposed to stop immediately.

Is this true? One could debate its accuracy. But there is at least one organization that does not follow this code: the Attila of cyberspace, where it passes nothing survives.

That group is Hive. And Hive, to everyone’s horror, entered the scene and conducted massive attacks on Costa Rica’s healthcare system, disabling national medical history systems, drug delivery systems, and more.

A coordinated attack by multiple cybercrime syndicates on a shared national target, seeking widespread social chaos without an obvious motive: something never seen before, a cyber event unimaginable in the physical world, where rival criminals do not work hand in hand.

Rodrigo Chaves took office and made a shocking public declaration: “We are at war.”

Yes, at war against an anonymous, multinational adversary with possible presence inside the country. At war without a single bullet being fired.

Days passed and, slowly but steadily, thanks to support from nations, international agencies, and private companies, systems were restored.

Uncertainty remained: why would multiple cybercrime syndicates coordinate such a massive attack on Costa Rica, a small, stable, neutral nation that advocates peace in global affairs, much like Uruguay?

What was the motive?

Finally, the answer arrived. On CONTI’s own website, the group published: “The attack on Costa Rica is only a rehearsal for a global attack on an entire nation.”

It was nothing personal. Costa Rica was simply the result of a roll of the dice: a test of how coordinated cyberattacks could digitally shut down a country.

What lessons does this attack leave for our nation? Many. First: you do not need to be on the front lines of geopolitical conflict to become the victim of a massive attack with devastating consequences. Second, and equally important: for a disaster of this scale, no organization, whether a company, an institution, or a country, can recover alone. Collaboration between peers, public and private, nationally and especially internationally, is essential to overcome events like those experienced in the Central American paradise.