Hive attacks La Caja Costarricense de Seguro Social (CCSS)

Incident Date: May 31, 2022

Attack Overview

Victim: La Caja Costarricense de Seguro Social (CCSS)
Industry: Healthcare Services
Location: Costa Rica
Attacker: Hiveleak
First reported: May 31, 2022

The Hive Ransomware Gang Attacks Costa Rican Social Security Fund

The Hive ransomware gang has attacked La Caja Costarricense de Seguro Social (CCSS), the Costa Rican Social Security Fund. CCSS has confirmed that on Tuesday, May 31, it fell victim to a cyberattack, which is currently under investigation. According to reports, the incident did not impact the databases of EDUS (Unique Digital Health File), SICERE (Centralized Collection System), payrolls, and pensions. As of now, the website is unavailable, and CCSS has taken down all systems as a preventive measure while it conducts the analyses needed to restore critical services.

Authorities have stated that they are collaborating with the Ministry of Science and Technology and other entities to recover from the attack. In the meantime, 136 medical centers have established telephone lines to address inquiries and assist users while the systems remain disrupted. Additionally, the Pensions and Credit platform is temporarily out of service.

Although the CCSS has not officially confirmed whether the incident involved ransomware, the BleepingComputer website revealed that it obtained access to the ransom note left by the criminals. It has been confirmed that the attack was carried out by the Hive ransomware group, which operates under the ransomware-as-a-service (RaaS) model. The group has been active since mid-2021 and has targeted multiple victims in various Latin American countries, including Brazil and Colombia.

Immediate Response to the Attack

During the CCSS attack, employees were reportedly instructed to shut down their computers and disconnect them from the network after printers started printing at the beginning of the attack. This cyberattack on the Costa Rican Social Security Fund follows the Conti ransomware attack on the Costa Rican Ministry of Finance in April. The Ministry of Finance incident subsequently affected at least seven other public entities, resulting in the disruption of critical services. The situation led the President to declare a state of national emergency due to the wave of attacks.

Extortion and Data Exfiltration

In the Ministry of Finance incident, the attackers exfiltrated data before encrypting files on the compromised systems and demanded a $10 million ransom, which the ministry chose not to pay. As part of their extortion strategy, the attackers published a significant number of stolen files on their website.
