The attack began on April 12, according to Mr. Chaves’s administration, when hackers who said they were affiliated with Conti broke into Costa Rica’s Ministry of Finance, which oversees the country’s tax system. From there, the ransomware spread to other agencies that oversee technology and telecommunications, the government said this month.
Two former officials with the Ministry of Finance, who were not authorized to speak publicly, said the hackers were able to gain access to taxpayers’ information and interrupt Costa Rica’s tax collection process, forcing the agency to shut down some databases and resort to using a nearly 15-year-old system to store revenue from its largest taxpayers. Much of the nation’s tax revenue comes from a relatively small pool of about a thousand major taxpayers, making it possible for Costa Rica to continue tax collection.
The country also relies on exports, and the cyberattack forced customs agents to do their work solely on paper. While the investigation and recovery are underway, taxpayers in Costa Rica are forced to file their tax declarations in person at financial institutions rather than relying on online services.
Mr. Chaves is a former World Bank official and finance minister who has promised to shake up the political system. His government declared a state of emergency this month in response to the cyberattack, calling it “unprecedented in the country.”
“We are facing a situation of unavoidable disaster, of public calamity and internal and abnormal commotion that, without extraordinary measures, cannot be controlled by the government,” Mr. Chaves’s administration said in its emergency declaration.
The state of emergency allows agencies to move more quickly to remedy the breach, the government said. But cybersecurity researchers said that a partial recovery could take months, and that the government may not ever fully recover its data. The government may have backups of some of its taxpayer information, but it would take some time for those backups to come online, and the government would first need to ensure it had removed Conti’s access to its systems, researchers said.
Paying the ransom would not guarantee a recovery because Conti and other ransomware groups have been known to withhold data even after receiving a payment.