2022 Costa Rican ransomware attack explained
Beginning on the night (UTC-6:00) of April 17, 2022, a ransomware attack began against nearly 30 institutions of the government of Costa Rica, including its Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute, state internet service provider RACSA, the Costa Rican Social Security Fund (Spanish; Castilian: Caja Costarricense de Seguro Social, CCSS), the, the Fund for Social Development and Family Allowances, and the Administrative Board of the Municipal Electricity Service of Cartago.[1] [2]
The pro-Russian Conti Group claimed the first group of attacks and demanded a US$10 million ransom in exchange for not releasing the information stolen from the Ministry of Finance, which could include sensitive information such as citizens' tax returns and companies operating in Costa Rica.[3] [4] [5]
As a consequence, the government had to shut down the computer systems used to declare taxes and for the control and management of imports and exports, causing losses to the productive sector on the order of US$30 million per day.[6] [7] Likewise, the web pages of the Ministry of Science, Innovation, Technology and Telecommunications were removed from the network.
Costa Rica required technical assistance from the United States, Israel, Spain, and Microsoft, among others, to deal with the cyber attack. The attack consisted of infections of computer systems with ransomware, defacement of web pages, theft of email files and attacks on the Social Security human resources portal, as well as on its official Twitter account.[8] [9]
On May 6, 2022, the United States government through the FBI offered a US$10 million reward for information leading to the identification of a person or persons in a leadership position within the Conti Group, and an additional US$5 million for information leading to the capture or conviction, in any country, of individuals who aided or conspired to carry out Conti ransomware attacks.[10] [11]
On May 8, 2022, the new president of Costa Rica, Rodrigo Chaves Robles, decreed a state of national emergency due to cyber attacks, considering them an act of terrorism. Days later, at a press conference, he stated that the country was in a state of war[12] [13] and that there was evidence that people inside Costa Rica were helping Conti, calling them "traitors" and "filibusters".[14] [15]
On May 31, 2022, at dawn, the Hive Ransomware Group carried out an attack against the Costa Rican Social Security Fund, forcing the institution to turn off all of its critical systems, including the Unique Digital Health File and the Centralized Collection System.[16] [17] The former stores sensitive medical information of patients using Social Security, while the latter is used to collect the population's insurance fees.[18]
Background
Conti Group
See main article: Conti Group.
Conti Group is a criminal organization dedicated to carrying out ransomware attacks, stealing files and documents from servers and then demanding a ransom. Its modus operandi is to infect computers with the Conti malware, which operates with up to 32 individual logical threads, making it much faster than most viruses of its kind.[19]
The oldest member is known by the aliases Stern or Demon and acts as CEO. Another member known as Mango acts as the general manager and communicates frequently with Stern. Mango told Stern in a message that there were 62 people on the core team. The numbers of people involved fluctuate, reaching up to 100. Due to the constant turnover of members, the group recruits new members through legitimate job recruitment sites and hacker sites.[20]
Ordinary programmers earn $1,500 to $2,000 per month, and members who negotiate ransom payments can take a cut of the profits. In April 2021, a member of the Conti Group claimed to have an anonymous journalist take a 5% cut of ransomware payments by pressuring victims to pay.
During the Russian invasion of Ukraine of 2022, the Conti Group announced its support for Russia and threatened to implement "retaliatory measures" if cyber-attacks were launched against the country.[21] [22] As a result, an anonymous person leaked approximately 60,000 internal chat log messages along with source code and other files used by the group.[23] [24]
Opinions expressed in the leaks include support for Vladimir Putin, Vladimir Zhirinovsky, and antisemitism (including towards Volodymyr Zelensky). A member known as Patrick repeated several false claims made by Putin about Ukraine. Patrick lives in Australia and may be a Russian citizen. Messages containing homophobia, misogyny and references to child abuse were also found.[25]
Conti has been responsible for hundreds of ransomware incidents since 2020. The FBI estimates that, as of January 2022, there were more than 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150 million, making Conti's the most damaging ransomware strain ever documented.[26]
Days after the FBI's announcement, Conti announced that they would begin a shutdown process.[27] Some of the Conti members migrated to smaller organizations like Hive, HelloKitty, AvosLocker, BlackCat, and BlackByteo; others founded groups of their own.[28]
Hive Ransomware Group
Hive ransomware group is a criminal organization known for attacking public health organizations and institutions, particularly hospitals and clinics.[29] It first appeared in June 2021.[30]
Bleeping Computer LLC reported that some of the Conti hackers migrated to other ransomware gangs, including Hive though the rival group[31] has denied having any connection with Conti, despite that, once the process of closing operations began and its hackers reached Hive, it then began to employ the tactic of publishing leaked data on the deep web, just as Conti had.[16] AdvIntel expert Yelisey Boguslavskiy identified, with a high level of certainty, that Conti had been working with Hive since at least November 2021. According to her information, Hive was actively using the initial attack access provided by Conti. Unlike the Conti Group, Hive is not associated with direct support for the Russian invasion of Ukraine, even though the ransom payment to Hive is likely to be received by the same people within Conti who claimed the group's collective alignment with the Russian government.
In July 2022, the FBI infiltrated Hive. Undercover Tampa, Florida Field Office agents acquired full access and acted as a subsidiary in the Hive network undetected for seven months, while gathering evidence and secretly generating decryption keys for victims to recover their data. in January 2023, the United States Department of Justice announced that they had dismantled Hive by seizing the group's servers, in coordination with Germany and the Netherlands.[32]
Attacks
Conti Group attack
The servers of the Ministry of Finance were the first to be compromised during the night of Sunday, April 17. The Conti Group had compromised credentials, which allowed it to install malware on one device in the Ministry of Finance network.[33] The BetterCyber Twitter account was the first to replicate, the next day, the post on the Conti Group forum that reported the hacking of the government institution, indicating that 1 terabyte of information had been stolen from the Virtual Tax Administration (ATV) platform, used by the government for citizens and companies to file their tax returns. In turn, the publication indicated that the data would begin to be published on April 23.[34]
Before 10 a.m. on April 18, the Ministry of Finance informed through a press release and through its social networks that, "due to technical problems", the ATV platform and the Customs Information System (TICA) had been disabled and that the deadline for filing and paying taxes that were due that day would be extended until the next business day after the systems were restored.[35] The institution did not immediately acknowledge being hacked and initially refused to answer questions from the press about the Conti Group claim.[36] [37]
The next day, Conti Group posted a new post on their forum announcing that they were asking for US$10 million in ransom for the stolen information.[38] The Ministry of Finance confirmed that the information published so far corresponded to information from the National Customs Service, used for supplies and support.[39] Hours after the Treasury statement, the microsite of the Ministry of Science, Innovation, Technology and Telecommunications suffered a defacement with a message reading, "We greet you from Conti, look for us on your network."[40] [41] [42]
Jorge Mora Flores, director of Digital Governance of Costa Rica, indicated that as a result of the attack, and because the affected server hosts other pages, the decision was made to turn it off while checks were carried out to determine to what extent security was breached. Subsequently, an update on the Conti Group forum indicated that the attacks against Costa Rican ministries would continue "until the government pays us".[43]
Hours later, Conti attacked an email server of the National Meteorological Institute, stealing the information contained therein.[44] [45] Conti stated that the scenario that Costa Rica was experiencing was a "beta version of a global cyber attack on an entire country".[46] Later, in another update on their forum, they indicated that if the Ministry of Finance did not inform their taxpayers of what was happening, they would carry out additional actions:Later that day, the Costa Rican government denied having received a ransom request, despite Conti Group's forum post regarding the US$10 million.On April 20, Conti published an additional 5 GB of information stolen from the Ministry of Finance.[47] In the afternoon, the Government called a press conference at the Presidential House where it argued that the situation was under control, and that in addition to the Treasury, MICITT and the IMN, Spanish; Castilian: Radiografía Costarricense S.A. (RACSA), a state internet service provider, had been attacked through an internal email server breach.[48] [49] In the meantime, the Costa Rican Social Security Fund reported having suffered a cyber attack on its human resources site, which was being combated.[50] [51] Conti Group did not claim responsibility for the attack, since the Fund reported hours later that no sensitive information was stolen from the insured, such as their medical history or contributions to pension or health insurance, and that the databases had been left behind intact.[52]
The Minister of the Presidency, Geannina Dinarte Romero, indicated that this was a case of international organized crime and that the Government of Costa Rica would not pay any ransom.[53] She also announced that they were receiving technical assistance from the governments of the United States, Israel and Spain, as well as from Microsoft, which operated the servers of the Ministry of Finance.
Early on April 21, Conti Group attacked the servers of the Ministry of Labor and Social Security, as well as the Social Development and Family Allowances Fund. The preliminary report of the government indicated that information such as emails and data on pension payments and social aid from both institutions was stolen.[54] Likewise, the group offered a 35% discount on the amount of the ransom demanded if the Government of Costa Rica made a prompt payment.[55] Before noon, the Ministry of Science, Innovation, Technology and Telecommunications held a press conference where the Government reiterated its position of not paying the ransom demanded by the Conti Group, for which hours later the criminal group announced that it would immediately begin publishing the stolen information, urging Costa Rican cybercriminals to take advantage of it to commit phishing.[56] [57] President Carlos Alvarado Quesada gave his first public statement on the hack that day.[58] In the afternoon, the Government issued a directive addressed to the public sector in order to protect the proper functioning, confidentiality and cybersecurity of public institutions. The document provides that, in the event of any situation that affects the confidentiality, availability and integrity of services available to the public, the continuity of institutional functions, or the identity theft of the institution on social networks—even those that within the institution are considered to be under control—the Computer Security Incident Response Center (CSIRT-CR) must be informed of the event. In addition, agencies are required to back up information regarding the incident for use in investigations.[59] Likewise, institutions must carry out maintenance of their telecommunications infrastructure—whether through public employees or private contractors—including regular updates of institutional systems, changing passwords of all institutional systems and networks, disabling unnecessary services and ports, and monitoring network infrastructure, as well as taking heed of alerts from the CSIRT-CR. The guideline also orders a vulnerability scan to be carried out at least twice a year on the official websites of the government of Costa Rica.
On the morning of April 22, the government reported that no new Conti Group attacks against the country had been recorded since the previous day. However, the director of Digital Governance, Jorge Mora, explained that since Monday, when they began to take preventive measures in state institutions, they have detected 35,000 malware communication requests, 9,900 phishing incidents, 60,000 attempts to take remote control of IT systems, and 60,000 attempts to mine cryptocurrencies using the computer infrastructure of the first 100 state institutions intervened.[60]
On April 23, the Conti Group attacked the Administrative Board of the Municipal Electrical Service of Cartago, the public company in charge of electricity supply in the province of Cartago.[61] Jorge Mora Flores reported that day that subscriber information could have been compromised;[62] [63] the next day, he reported that the institution's accounting and human resources information was encrypted as part of the attack.[64]
On April 25, Conti announced that it would shift its strategy from attacking state institutions to focus on large companies in the private sector; in addition, it would stop announcing its hacks on its deep web page to focus on requesting ransoms for stolen and encrypted information.[65]
On April 26, the MICITT reported that the website of the Sede Interuniversitaria de Alajuela, a multi-university campus, was attacked; in addition, there was an attempt to breach the servers of the (Rural Development Institute), which was effectively repelled.[66] On April 29, the government reported a hacking attempt to the Ministry of Economy, Industry and Commerce[67] and a day later against the National Liquor Factory and the municipalities of Turrialba and Golfito.[68]
On May 2, another hacking attempt was reported at the Ministry of Justice and Peace (MJP), although it was rebuffed.[69] The next day, unsuccessful cyberattacks were reported on the municipalities of Garabito and Alajuelita,[70] as well as on the, a national charitable organization that administers the country's national lottery.[71]
On May 4, MICITT reported hacking attempts to the National Education Loan Commission and one more to the Cartago University College (CUC), although the latter was not Conti's responsibility.
Nearly two months after the original attack, on June 11, the Ministry of Finance announced that the ATV tax system would be restarted on June 13 so that Costa Ricans could make their payments.[72] On June 24, two other systems disabled by Conti attacks were restored: TICA (Spanish; Castilian: Tecnología de Información para el Control Aduanero, Customs Control Information Technology)[73] and Exonet, a platform used to manage and process tax exemption requests.[74]
Hive Ransomware Group attack
On May 31 at two in the morning (UTC-6:00), the Costa Rican Social Security Fund (CCSS) detected anomalous information flows in its systems and began to receive reports from different hospitals of unusual behavior in various computers; it immediately proceeded to turn off all its critical systems, including the Single Digital Health File (Spanish; Castilian: Expediente Digital Único en Salud, EDUS) and the Centralized Collection System. Some printers in the institution printed messages with random codes or characters,[75] while others printed default instructions from the Hive Ransomware Group on how to regain access to systems.[76]
In a press conference before noon, CCSS officials described the attack as "exceptionally violent" and detailed that the first incidents were recorded at the San Vicente de Paul Hospital, in the province of Heredia and then in the Hospital of Liberia, province of Guanacaste; from there, attacks were carried out on the hospitals of the Greater Metropolitan Area.[77] The president of the CCSS, Álvaro Ramos Chaves, affirmed that databases with sensitive information were not compromised but noted that at least thirty servers (of the more than 1,500 that the institution has) were contaminated with ransomware. He added that they had a plan to restore the systems, but that it would take time because each piece of equipment had to be reviewed to ensure hackers no longer had access.
As a consequence, a number of insured persons saw their medical appointments cancelled.[78] The CCSS medical centers had to resort to running on paper, as the digital backup system, the Digital File in a Contingency Environment (Spanish; Castilian: Expediente Digital en Ambiente de Contingencia, EDAC), was also taken down as a security measure, a situation that could remain that way for an indefinite period. Medical facilities were left without access to the EDUS, EDAC, and such systems including the hospital occupancy control system (ARCA) and billing. Financial areas of the CCSS were unable to use systems including the Centralized Collection System (SICERE), the Disability Control and Payment Registry (RCPI), and the Integrated Voucher System (SICO). Offices and administrative areas were unable to use computers; teleworkers could only access Office 365 (Word, Excel, PowerPoint, Outlook, and Teams).[79] [80]
In total, on the first day of effects from the cyberattack, 4,871 users missed their medical appointments,[81] with another 12,000 missing appointments the next day. The CCSS reported that the laboratory service was the most affected, with only 45 percent operating normally and 48 percent partially affected. A review of 108 health establishments showed that 96% of hospital services operated with a contingency plan, 18% of outpatient consultations were partially affected, 19% of radiology and medical imaging services were partially affected, and 37% of pharmacy services were affected.[82]
On June 1, during a press conference at the Presidential Palace, the executive president of the CCSS, Álvaro Ramos Chaves, announced the opening of an administrative investigation against the agency's Information Technology Department for the hack, to determine if there was negligence. President Chaves Robles noted that fewer than 15 CCSS computers had the microCLAUDIA system donated by Spain installed after the Conti attacks.[83] Ramos Chaves also revealed that the effects of the attack were 27 times greater than what was reported on the first day: more than 800 servers and 9,000 end-user computers were affected, making it impossible to restore all systems within a week as initially planned.
On June 2, the Hive Ransomware Group requested $5 million in bitcoin so that the CCSS could get its services back.[84]
On June 4, the Superintendency of Pensions (SUPEN) announced the suspension until further notice of the possibility of freely transferring complementary pension funds between the different operators, since this required one of the CCSS systems that was affected by the hack.[85]
Given the fall of its systems for reporting payroll and payment of social contributions, the CCSS had to extend until June 10 the deadline for employers to submit the payroll corresponding to the month of May. Likewise, it announced that self-employed and voluntary insured workers would not be able to pay their monthly installments due to the impossibility of making the corresponding invoice.[86] The pension scheme for Disability, Old Age and Death (IVM) had to enable bank accounts and specific email accounts so that people with mortgage loans could pay their monthly payments and report the installments.[87] Likewise, 163 health establishments of the CCSS set up telephone lines for the population to answer questions regarding the continuity of services and the status of their medical appointments.[88]
Declaration of emergency
On April 22, the then president-elect of Costa Rica, Rodrigo Chaves Robles, announced his intention to declare a national state of emergency once he assumed power due to the cyberattacks against the country's public sector.[89]
On May 3, the Costa Rican Chamber of Industries (CICR), the National Chamber of Freight Carriers (CANATRAC), the Costa Rican Chamber of Foreign Trade (CRECEX), the Chamber of Fiscal and General Deposit Warehouses (CAMALFI), the Costa Rican Chamber of Shippers (NAVE), the Chamber of Exporters of Costa Rica (CADEXCO) and the Association of Customs Agents (AAACR) requested to declare a state of emergency due to the situation of the country's customs as a result of the Conti hack; they warned that within a few days, if the situation did not improve, Costa Rica could face a paralysis of international trade due to the accumulation of cargo containers, since Customs had to carry out procedures on paper, raising the wait to three or even four days to receive approval to move the containers.[90]
On May 8, upon assuming power, Chaves Robles signed Executive Decree No. 43542-MP-MICITT, declaring a state of national emergency due to cyberattacks against the public sector in Costa Rica and ordered the Presidency of the Republic to take control of the coordination of the national response, in lieu of the, which by law manages situations of declared national emergency.[91]
On May 16, President Chaves affirmed that the country was in a state of war due to Conti's hacks and denounced that there were nationals helping the "terrorist group" that the previous weekend had threatened to overthrow the newly elected government.[92] The next day, dozens of workers from the (MEP) took to the streets to protest the non-payment of their salaries— payments less than what was due, among other problems related to the impossibility of updating the state payroll due to the hack. The MEP estimated that 16,000 workers were affected, of whom 3,000 did not receive any payments at all. The Ministry of Finance, as a contingency measure, provided a tool that had to be filled out by hand to update employee payments.[93]
On May 21, due to new protests, the unions negotiated with the government, which promised to pay the amounts owed and subsequently recover any sums overpaid to the workers.[94] On May 27, the upheld more than 200 recursos de amparo filed against the state by MEP workers affected in the payment of their salaries and ordered contingency measures to reconcile payments within a month.[95] On May 30, the government announced that the MEP and the Finance Ministry had paid more than ₡6 billion colones as an extraordinary payroll corresponding to 25,618 movements pending cancellation due to the hack.[96]
Impact
This set of attacks drew attention to Latin America's lagging cybersecurity infrastructure. In 2020, 12 countries in Latin America had a national cybersecurity strategy; by July 2023, 20 countries had one.[97]
Notes and References
- Web site: Hacienda, Micitt, IMN, Racsa y CCSS atacados por 'hackers', confirma Gobierno . June 7, 2022 . La Nación . es . June 1, 2022 . https://web.archive.org/web/20220601184310/https://www.nacion.com/el-pais/servicios/hacienda-micitt-imn-y-racsa-atacados-por-hackers/DMCT7BZYIZGHZIHQQPOKN2WWYM/story/ . live .
- Web site: Portal de Recursos Humanos de CCSS sufre ataque cibernético . June 7, 2022 . La Nación . es . June 6, 2022 . https://web.archive.org/web/20220606194449/https://www.nacion.com/el-pais/salud/portal-de-recursos-humanos-de-la-ccss-sufre-ataque/J5NBWGIURRGIJF5Q2UQOUSGLWI/story/ . live .
- Web site: April 20, 2022 . Gobierno confirma que 'Conti' exige $10 millones de "rescate" . June 7, 2022 . Teletica . May 14, 2022 . https://web.archive.org/web/20220514154309/https://www.teletica.com/nacional/gobierno-confirma-que-conti-exige-10-millones-de-rescate_309715 . live .
- Web site: "En la dark web sí se realizó una publicación que pide $10 millones de, aparentemente, Conti Group" . June 7, 2022 . delfino.cr . es . April 21, 2022 . https://web.archive.org/web/20220421045913/https://delfino.cr/2022/04/en-la-dark-web-si-se-realizo-una-publicacion-que-pide-10-millones-de-aparentemente-conti-group . live .
- Web site: Conti amenaza con revelar datos internos de Hacienda y base de contribuyentes. June 7, 2022 . CRHoy.com. es . June 9, 2022 . https://web.archive.org/web/20220609074512/https://www.crhoy.com/tecnologia/conti-amenaza-con-revelar-datos-internos-de-hacienda-y-base-de-contribuyentes/ . live .
- Web site: Costa Rica reporta pérdidas por $125 millones por caos en aduanas . June 7, 2022 . www.larepublica.net . es . June 7, 2022 . https://web.archive.org/web/20220607025031/https://www.larepublica.net/noticia/costa-rica-reporta-perdidas-por-125-millones-por-caos-en-aduanas . live .
- Web site: Importaciones están paralizadas debido a hackeo de Hacienda. June 7, 2022 . CRHoy.com. es . April 20, 2022 . https://web.archive.org/web/20220420152904/https://www.crhoy.com/economia/importaciones-estan-paralizadas-debido-a-hackeo-de-hacienda/ . live .
- Web site: Hidalgo . Kristin . Vulneran cuenta de Twitter de la CCSS y publican contenido ajeno a la institución . June 7, 2022 . ameliarueda.com . es . April 19, 2022 . https://web.archive.org/web/20220419134110/https://www.ameliarueda.com/nota/hackean-cuenta-de-twitter-de-la-CCSS-noticias-costa-rica . live .
- Web site: ¡Atacan de nuevo! Hackean cuenta de Twitter de la CCSS. June 7, 2022 . CRHoy.com. es . April 19, 2022 . https://web.archive.org/web/20220419132119/https://www.crhoy.com/tecnologia/atacan-de-nuevo-hackean-cuenta-de-twitter-de-la-ccss/ . live .
- Web site: EE. UU. ofrece $10 millones de recompensa por información sobre líderes de Conti Group . June 7, 2022 . delfino.cr . es . May 6, 2022 . https://web.archive.org/web/20220506225401/https://delfino.cr/2022/05/ee-uu-ofrece-10-millones-de-recompensa-por-informacion-sobre-lideres-de-conti-group . live .
- Web site: EE. UU. ofrece recompensa por hackers tras ataque a Costa Rica. May 7, 2022 . June 7, 2022 . Deutsche Welle . es-ES . May 15, 2022 . https://web.archive.org/web/20220515033634/https://www.dw.com/es/ee-uu-ofrece-recompensa-por-hackers-tras-ataque-a-costa-rica/a-61716275 . live .
- News: "Estamos en guerra": 5 claves para entender el ciberataque que tiene a Costa Rica en estado de emergencia . es . BBC News Mundo . June 7, 2022 . June 3, 2022 . https://web.archive.org/web/20220603223158/https://www.bbc.com/mundo/noticias-america-latina-61516874 . live .
- Web site: May 9, 2022 . Costa Rica declara el estado de emergencia por el ciberataque de Conti . June 7, 2022 . derechodelared.com . es . May 31, 2022 . https://web.archive.org/web/20220531203056/https://derechodelared.com/costa-rica-estado-emergencia-ciberataques/ . live .
- Web site: (Video) Rodrigo Chaves: "Conti tiene filibusteros en Costa Rica" . June 7, 2022 . www.larepublica.net . es . June 8, 2022 . https://web.archive.org/web/20220608080912/https://www.larepublica.net/noticia/video-rodrigo-chaves-conti-tiene-filibusteros-en-costa-rica . live .
- Web site: Rodrigo Chaves dice que Costa Rica está "en guerra". May 17, 2022 . June 7, 2022 . Deutsche Welle . es-ES . May 31, 2022 . https://web.archive.org/web/20220531202714/https://www.dw.com/es/rodrigo-chaves-dice-que-costa-rica-est%C3%A1-en-guerra/a-61820239 . live .
- Web site: Costa Rica's public health agency hit by Hive ransomware . June 7, 2022 . BleepingComputer . en-us . June 6, 2022 . https://web.archive.org/web/20220606151555/https://www.bleepingcomputer.com/news/security/costa-rica-s-public-health-agency-hit-by-hive-ransomware/ . live .
- Web site: May 31, 2022 . CCSS sufrió 'hackeo' durante la madrugada de este martes . June 7, 2022 . Teletica . June 2, 2022 . https://web.archive.org/web/20220602084608/https://www.teletica.com/nacional/ccss-sufrio-hackeo-durante-la-madrugada-de-este-martes_312476 . live .
- Web site: 'Hackeo' obliga a hospitales de CCSS a trabajar con computadoras apagadas . June 7, 2022 . La Nación . es . June 6, 2022 . https://web.archive.org/web/20220606170708/https://www.nacion.com/el-pais/salud/nuevo-hackeo-en-ccss-la-madrugada-de-este-martes/GMVEKKG7QBGM3NVW3RFNKSCMAM/story/ . live .
- Web site: Conti Ransomware . June 7, 2022 . NHS Digital . en . May 24, 2022 . https://web.archive.org/web/20220524162553/https://digital.nhs.uk/cyber-alerts/2020/cc-3544 . live .
- The Workaday Life of the World's Most Dangerous Ransomware Gang . en-GB . Wired UK . June 7, 2022 . 1357-0978 . May 6, 2022 . https://web.archive.org/web/20220506201347/https://www.wired.co.uk/article/conti-leaks-ransomware-work-life . live .
- Web site: Reichert . Corinne . Conti Ransomware Group Warns Retaliation if West Launches Cyberattack on Russia . June 7, 2022 . CNET . en . May 24, 2022 . https://web.archive.org/web/20220524124127/https://www.cnet.com/news/politics/conti-ransomware-group-warns-retaliation-if-west-launches-cyberattack-on-russia/ . live .
- News: Bing . Christopher . February 25, 2022 . Russia-based ransomware group Conti issues warning to Kremlin foes . en . Reuters . June 7, 2022 . June 4, 2022 . https://web.archive.org/web/20220604041525/https://www.reuters.com/technology/russia-based-ransomware-group-conti-issues-warning-kremlin-foes-2022-02-25/ . live .
- Web site: March 1, 2022 . The Conti ransomware leaks . June 7, 2022 . Malwarebytes Labs . en-US . June 8, 2022 . https://web.archive.org/web/20220608133315/https://blog.malwarebytes.com/threat-intelligence/2022/03/the-conti-ransomware-leaks/ . live .
- Web site: Sean Lyngaas . 'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang . June 7, 2022 . CNN . March 30, 2022 . May 21, 2022 . https://web.archive.org/web/20220521175624/https://www.cnn.com/2022/03/30/politics/ukraine-hack-russian-ransomware-gang/index.html . live .
- Web site: Lee . Micah . March 14, 2022 . Leaked Chats Show Russian Ransomware Gang Discussing Putin's Invasion of Ukraine . June 7, 2022 . The Intercept . en . June 3, 2022 . https://web.archive.org/web/20220603103755/https://theintercept.com/2022/03/14/russia-ukraine-conti-russian-hackers/ . live .
- Web site: Reward for Information: Owners/Operators/Affiliates of the Conti Ransomware as a Service (RaaS) . June 7, 2022 . United States Department of State . en . May 18, 2022 . https://web.archive.org/web/20220518111522/https://www.state.gov/reward-for-information-owners-operators-affiliates-of-the-conti-ransomware-as-a-service-raas/ . live .
- Web site: Conti Ransomware Operation Shut Down After Brand Becomes Toxic . June 7, 2022 . www.securityweek.com . June 8, 2022 . https://web.archive.org/web/20220608090916/https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic . live .
- Web site: Did the Conti ransomware crew orchestrate its own demise? . June 7, 2022 . ComputerWeekly.com . en . May 30, 2022 . https://web.archive.org/web/20220530072439/https://www.computerweekly.com/news/252520524/Did-the-Conti-ransomware-crew-orchestrate-its-own-demise . live .
- Web site: March 29, 2022 . Hive ransomware group claims to steal California health plan patient data . June 7, 2022 . VentureBeat . en-US . May 31, 2022 . https://web.archive.org/web/20220531202609/https://venturebeat.com/2022/03/29/hive-ransomware-group-claims-to-steal-california-health-plan-patient-data/ . live .
- Web site: September 2, 2021 . FBI issues alert about Hive ransomware . June 7, 2022 . Healthcare IT News . en . May 20, 2022 . https://web.archive.org/web/20220520171002/https://www.healthcareitnews.com/news/fbi-issues-alert-about-hive-ransomware . live .
- Web site: Hive Ransomware Shut Down by Law Enforcement Operation; FBI in Possession of Decryption Keys, Group’s Public-Facing Website . June 4, 2023 . CPO Magazine.
- Web site: How the FBI prevented $130 million in crypto ransomware attacks by hacking the hackers behind Hive . 2023-05-22 . Fortune Crypto . en.
- Web site: How Conti ransomware hacked and encrypted the Costa Rican government . 2023-07-25 . BleepingComputer . en-us.
- Web site: BetterCyber on Twitter: "#Conti claims to have hacked Ministerio de Hacienda, a government ministry in Costa Rica ... #Ransomware #RansomwareGroup #ContiLeaks… . live . https://web.archive.org/web/20220520055441/https://twitter.com/_bettercyber_/status/1515792916140204041 . May 20, 2022 . June 7, 2022 . Twitter . en.
- Web site: Sistemas de Hacienda caídos, ministerio omite referirse a supuesto hackeo . June 7, 2022 . delfino.cr . es . April 18, 2022 . https://web.archive.org/web/20220418165230/https://delfino.cr/2022/04/sistemas-de-hacienda-caidos-ministerio-omite-referirse-a-supuesto-hackeo . live .
- Web site: Ministerio Hacienda de Costa Rica on Twitter: "En este momento las plataformas Administración Tributaria Virtual (Atv) y TICA se encuentran fuera de servicio. Nuestros equipos técnicos trabajan para su restablecimiento en el menor tiempo posible. Inmediatamente se solvente la situación, se comunicará por este mismo medio.. . live . https://web.archive.org/web/20220421043723/https://twitter.com/haciendacr/status/1516051998768087040 . April 21, 2022 . June 7, 2022 . Twitter . en.
- Web site: April 18, 2022 . ¿Hackearon Hacienda? Sistemas ATV y TICA fuera de servicio . June 7, 2022 . Teletica . May 12, 2022 . https://web.archive.org/web/20220512024133/https://www.teletica.com/nacional/hackearon-hacienda-sistemas-atv-y-tica-fuera-de-servicio_309530 . live .
- Web site: BetterCyber on Twitter: " Latest update from #Conti: "We ask only 10m USD for keeping your taxpayers' data"… " . June 8, 2022 . May 10, 2022 . https://web.archive.org/web/20220510065124/https://twitter.com/_bettercyber_/status/1516113184633110529 . live .
- Web site: Ministerio Hacienda de Costa Rica . ACLARACIÓN DEL MINISTERIO DE HACIENDA SOBRE COMUNICACIONES EN REDES SOCIALES CALIFICADAS COMO HACKEO . live . https://web.archive.org/web/20220602161824/https://twitter.com/HaciendaCR/status/1516190939114803203 . June 2, 2022 . June 8, 2022 . Twitter.
- Web site: BetterCyber on Twitter: "#Conti allegedly hacks Ministerio de Ciencia, Innovation, Technology, y Telecomunicaciones' website, posting the following message on the compromised website: "We say hello from conti, look for us on your network" #ContiLeaks #Ransomware #RansomwareGroup… . live . https://web.archive.org/web/20220421045919/https://twitter.com/_bettercyber_/status/1516238126825492483 . April 21, 2022 . June 8, 2022.
- Web site: 'Ataque al Micitt es simbólico, para deslegitimarlo', dice exviceministro sobre hackeo . June 7, 2022 . La Nación . es . May 22, 2022 . https://web.archive.org/web/20220522200355/https://www.nacion.com/el-pais/servicios/ataque-al-micitt-es-simbolico-para-deslegitimarlo/OFGYHESK3ZD77AWENW36TMSUHQ/story/ . live .
- Web site: April 19, 2022 . Autoridades confirman que "hackers" atacaron otro ministerio este lunes . June 7, 2022 . Teletica . May 20, 2022 . https://web.archive.org/web/20220520010959/https://www.teletica.com/nacional/autoridades-confirman-que-hackers-atacaron-otro-ministerio-este-lunes_309591 . live .
- Web site: Uživatel BetterCyber na Twitteru: " Latest update on #Conti's cyberattack against Costa Rica's Ministerio de Hacienda : "We will continue to attack the ministries of costa rica until its government pays us Attacks continue today" #ContiLeaks #Ransomware #RansomwareGroup… . live . https://web.archive.org/web/20220528020550/https://twitter.com/_bettercyber_/status/1516344303525765124 . May 28, 2022 . June 8, 2022.
- Web site: Investigan si robaron información de correos del IMN. June 8, 2022 . CRHoy.com. es . April 19, 2022 . https://web.archive.org/web/20220419225345/https://www.crhoy.com/tecnologia/investigan-si-robaron-informacion-de-correos-del-imn/ . live .
- Web site: Costa Rica: Hackers rusos accesaron a servidores de correo del Meteorológico . June 8, 2022 . www.estrategiaynegocios.net . es-HN . May 13, 2022 . https://web.archive.org/web/20220513180856/https://www.estrategiaynegocios.net/lasclavesdeldia/costa-rica-hackers-rusos-accesaron-a-servidores-de-correo-del-meteorologico-FA7741351 . live .
- Web site: Uživatel BetterCyber na Twitteru: " #Conti's latest update on the cyberattack against the Costa Rican Instituto Meteorologico Nacional: "The costa rica scenario is a beta version of a global cyber attack on an entire country" #Conti also claims to have hacked . live . https://web.archive.org/web/20220528020852/https://twitter.com/_bettercyber_/status/1516569937418113025 . May 28, 2022 . June 8, 2022.
- Web site: BetterCyber Twitter'da: " #Conti publishes an additional ~5 GB of data allegedly belonging to the Ministerio de Hacienda of Costa Rica ... #Ransomware #RansomwareGroup #ContiLeaks… . live . https://web.archive.org/web/20220421050059/https://twitter.com/_bettercyber_/status/1516934122878517248 . April 21, 2022 . June 8, 2022.
- Web site: Más instituciones bajo ataque de Conti, que aumenta presión a un gobierno con débil respuesta . June 8, 2022 . El Financiero . es . May 2, 2022 . https://web.archive.org/web/20220502074948/https://www.elfinancierocr.com/tecnologia/mas-instituciones-bajo-ataque-de-conti-que-aumenta/DDMQK5ZXKFHBXDGFB3MTX3GYR4/story/ . live .
- Web site: Director de Gobernanza digital señala a Conti y afirma que hackeo está "bajo control". June 8, 2022 . CRHoy.com. es . April 20, 2022 . https://web.archive.org/web/20220420200609/https://www.crhoy.com/nacionales/director-de-gobernanza-digital-senala-a-conti-y-afirma-que-hackeo-esta-bajo-control/ . live .
- Web site: Portal de Recursos Humanos de la CCSS es la nueva víctima del ataque de hackers . June 8, 2022 . www.larepublica.net . es . May 14, 2022 . https://web.archive.org/web/20220514074940/https://www.larepublica.net/noticia/portal-de-recursos-humanos-de-la-caja-es-la-nueva-victima-del-ataque-de-hackers . live .
- Web site: Hackeo: CCSS enciende alerta ante posibles efectos en sus servicios esenciales . June 8, 2022 . La Nación . es . June 2, 2022 . https://web.archive.org/web/20220602022201/https://www.nacion.com/el-pais/salud/ccss-rastrea-origen-de-ataque-cibernetico-a-su/CEP5PFF6Q5BBFORCKFRJL7YWA4/story/ . live .
- Web site: CCSS sobre 'hackeo': 'No se extrajo información sensible' ni se afectó EDUS o Sicere . June 8, 2022 . La Nación . es . May 16, 2022 . https://web.archive.org/web/20220516202906/https://www.nacion.com/el-pais/servicios/ccss-sobra-hackeo-no-se-extrajo-informacion/NS6ZL4BMOBDPXFQA6YUOG7Y2PQ/story/ . live .
- Web site: "Estamos ante una situación de crimen organizado internacional y no estamos dispuestos a ninguna extorsión o pago" . June 8, 2022 . delfino.cr . es . April 21, 2022 . https://web.archive.org/web/20220421045911/https://delfino.cr/2022/04/estamos-ante-una-situacion-de-crimen-organizado-internacional-y-no-estamos-dispuestos-a-ninguna-extorsion-o-pago . live .
- Web site: April 21, 2022 . Ministerio de Trabajo y Fodesaf se suman a blancos de ataques informáticos • Semanario Universidad . June 8, 2022 . semanariouniversidad.com . es . June 9, 2022 . https://web.archive.org/web/20220609074549/https://semanariouniversidad.com/pais/ministerio-de-trabajo-y-fodesaf-se-suman-a-blancos-de-ataques-informaticos/ . live .
- Web site: Hackers ofrecen descuento del 35% al Gobierno de Costa Rica y prometen no tocar al sector privado . June 8, 2022 . www.larepublica.net . es . May 19, 2022 . https://web.archive.org/web/20220519213752/https://www.larepublica.net/noticia/hackers-ofrecen-descuento-del-35-al-gobierno-de-costa-rica-y-prometen-no-tocar-al-sector-privado . live .
- Web site: Conti anuncia publicación de toda la data robada a Costa Rica tras negativa del gobierno a pagar rescate . June 8, 2022 . delfino.cr . es . May 17, 2022 . https://web.archive.org/web/20220517190226/https://delfino.cr/2022/04/conti-anuncia-publicacion-de-toda-la-data-robada-a-costa-rica-tras-negativa-del-gobierno-a-pagar-rescate . live .
- Web site: Gobierno sostiene que no pagará ningún rescate pese a descuento ofrecido por ciberdelincuentes . June 8, 2022 . delfino.cr . es . April 22, 2022 . https://web.archive.org/web/20220422022411/https://delfino.cr/2022/04/gobierno-sostiene-que-no-pagara-ningun-rescate-pese-a-descuento-ofrecido-por-ciberdelincuentes . live .
- Web site: Alvarado: "Este ciberataque busca amenazar la estabilidad del país en una coyuntura de transición" . June 8, 2022 . delfino.cr . es . April 22, 2022 . https://web.archive.org/web/20220422022423/https://delfino.cr/2022/04/alvarado-este-ciberataque-busca-amenazar-la-estabilidad-del-pais-en-una-coyuntura-de-transicion . live .
- Web site: Gobierno firma directriz que fortalece las medidas de ciberseguridad del sector público . June 8, 2022 . Presidencia de la República de Costa Rica . es . May 18, 2022 . https://web.archive.org/web/20220518182538/https://www.presidencia.go.cr/comunicados/2022/04/gobierno-firma-directriz-que-fortalece-las-medidas-de-ciberseguridad-del-sector-publico/ . live .
- Web site: Micitt: "desde ayer no se han registrado nuevos incidentes informáticos" . June 8, 2022 . delfino.cr . es . April 22, 2022 . https://web.archive.org/web/20220422193414/https://delfino.cr/2022/04/micitt-desde-ayer-no-se-han-registrado-nuevos-incidentes-informaticos . live .
- Web site: Jasec se convierte en la nueva víctima de Conti. June 8, 2022 . CRHoy.com. es . April 23, 2022 . https://web.archive.org/web/20220423172406/https://www.crhoy.com/nacionales/jasec-se-convierte-en-la-nueva-victima-de-conti/ . live .
- Web site: Micitt: Ataque a Jasec pudo comprometer información de abonados. June 8, 2022 . CRHoy.com. es . April 23, 2022 . https://web.archive.org/web/20220423200218/https://www.crhoy.com/nacionales/micitt-ataque-a-jasec-pudo-comprometer-informacion-de-abonados/ . live .
- Web site: Datos personales de usuarios de Jasec pudieron ser robados por Conti, advierte el Gobierno . June 8, 2022 . La Nación . es . June 5, 2022 . https://web.archive.org/web/20220605235012/https://www.nacion.com/el-pais/servicios/datos-personales-de-usuarios-de-jasec-pudieron-ser/MHAXCPEODBDRHKI6LPMWV5PHGQ/story/ . live .
- Web site: Conti cifra sistemas de contabilidad y recursos humanos de Jasec, según Micitt. June 8, 2022 . CRHoy.com. es . April 24, 2022 . https://web.archive.org/web/20220424221314/https://www.crhoy.com/nacionales/conti-cifra-sistemas-de-contabilidad-y-recursos-humanos-de-jasec-segun-micitt/ . live .
- Web site: Conti "cambia de táctica": Ahora amenaza directamente al sector privado costarricense. June 8, 2022 . CRHoy.com. es . April 25, 2022 . https://web.archive.org/web/20220425215733/https://www.crhoy.com/tecnologia/conti-cambia-de-tactica-ahora-amenaza-directamente-al-sector-privado-costarricense/ . live .
- Web site: 'Hackers' atacan sede interuniversitaria de Alajuela y sistemas del Inder . June 8, 2022 . La Nación . es . May 16, 2022 . https://web.archive.org/web/20220516114409/https://www.nacion.com/el-pais/servicios/hackers-atacan-sede-interuniversitaria-de-alajuela/GOPFGRNABND4NJIDJVZX7CICOU/story/ . live .
- Web site: MEIC detectó a Conti en computadoras de usuarios, mientras que Micitt mantiene alerta sobre avisos recientes de los 'hackers' . June 8, 2022 . El Financiero . es . May 4, 2022 . https://web.archive.org/web/20220504175002/https://www.elfinancierocr.com/tecnologia/meic-detecto-a-conti-en-computadoras-de-usuarios/QSBZYDJKRFDOFM5LIDZKSYELWU/story/ . live .
- Web site: Micitt detecta ciberataques de Conti en Fanal y en las municipalidades de Turrialba y Golfito . June 8, 2022 . El Financiero . es . May 4, 2022 . https://web.archive.org/web/20220504024136/https://www.elfinancierocr.com/tecnologia/micitt-detecta-ciberataques-de-conti-en-fanal-y-en/RPKLPJSNEVGQRDEYJ4B4GX4AWA/story/ . live .
- Web site: May 3, 2022 . Autoridades confirman intentos de ciberataques en Ministerio de Justicia y JPS . June 8, 2022 . Teletica . May 4, 2022 . https://web.archive.org/web/20220504175007/https://www.teletica.com/amp/nacional/autoridades-confirman-intentos-de-ciberataques-en-ministerio-de-justicia-y-jps_310540 . live .
- Web site: May 2, 2022 . Ciber criminales apuntan a las municipalidades, Garabito y Alajuelita afectadas • Semanario Universidad . June 8, 2022 . semanariouniversidad.com . es . June 9, 2022 . https://web.archive.org/web/20220609074512/https://semanariouniversidad.com/pais/ciber-criminales-apuntan-a-las-municipalidades-garabito-y-alajuelita/ . live .
- Web site: JPS sufre ataque "aislado" de Conti; Gobierno asegura que está contenido. June 8, 2022 . CRHoy.com. es . May 3, 2022 . https://web.archive.org/web/20220503181001/https://www.crhoy.com/nacionales/jps-sufre-ataque-aislado-de-conti-gobierno-asegura-que-esta-contenido/ . live .
- Web site: Costa Rica habilitará sistema tributario afectado por ciberataque . Costa Rica will enable tax system affected by cyberattack . 2022-06-12 . Noticias de El Salvador - Noticias de El Salvador . es . EFE.
- Web site: Costa Rica restablece plataforma de aduanas tras dos meses de ciberataque . 2022-07-03 . SWI swissinfo.ch . es.
- Web site: Sistema TICA de Hacienda vuelve a operar dos meses después de 'hackeo' . 2022-07-03 . La Nación . es.
- Web site: FOTOS Y VIDEO: Los extraños mensajes de las impresoras de la CCSS tras hackeo. June 8, 2022 . CRHoy.com. es . May 31, 2022 . https://web.archive.org/web/20220531152013/https://www.crhoy.com/nacionales/fotos-y-video-los-extranos-mensajes-de-las-impresoras-de-la-ccss-tras-hackeo/ . live .
- Web site: Hive Ransomware Group, el grupo de cibercriminales que atacó la CCSS y tiene predilección por instituciones de salud . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210324/https://delfino.cr/2022/05/hive-ransomware-group-el-grupo-de-cibercriminales-que-ataco-la-ccss-y-tiene-predileccion-por-instituciones-de-salud . live .
- Web site: Hackeo a la CCSS: "Fue un ataque excepcionalmente violento", pero no se vulneraron bases de datos o sistemas críticos . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210324/https://delfino.cr/2022/05/hackeo-a-la-ccss-fue-un-ataque-excepcionalmente-violento-pero-no-se-vulneraron-bases-de-datos-o-sistemas-criticos . live .
- Web site: 'Nos dijeron que nos llamarían para reprogramar', contó asegurada afectada por 'hackeo' en CCSS . June 8, 2022 . La Nación . es . June 8, 2022 . https://web.archive.org/web/20220608015151/https://www.nacion.com/el-pais/salud/hackeo-en-ccss-obliga-a-muchos-enfermos-a/3SL6H3YFOVHDJNIX3GYF2GLPYA/story/ . live .
- Web site: CCSS confirma alrededor de 30 servidores afectados por hackeo. June 8, 2022 . CRHoy.com. es . May 31, 2022 . https://web.archive.org/web/20220531180620/https://www.crhoy.com/nacionales/ccss-confirma-alrededor-de-30-servidores-afectados-por-hackeo/ . live .
- Web site: Atención: Estos son los servicios afectados por hackeo en la CCSS. June 8, 2022 . CRHoy.com. es . May 31, 2022 . https://web.archive.org/web/20220531161900/https://www.crhoy.com/nacionales/atencion-estos-son-los-servicios-afectados-por-hackeo-en-la-ccss/ . live .
- Web site: CCSS reportó afectación de 4.871 usuarios en 80 establecimientos de salud, tras hackeo a sistemas informáticos . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604184803/https://delfino.cr/2022/06/ccss-reporto-afectacion-de-4-871-usuarios-en-80-establecimientos-de-salud-tras-hackeo-a-sistemas-informaticos . live .
- Web site: Más de 12 mil pacientes se quedaron sin atención médica en segundo día de 'hackeo' en la CCSS. June 8, 2022 . CRHoy.com. es . June 3, 2022 . https://web.archive.org/web/20220603030518/https://www.crhoy.com/nacionales/mas-de-12-mil-pacientes-se-quedaron-sin-atencion-medica-en-segundo-dia-de-hackeo-en-la-ccss/ . live .
- Web site: CCSS investigará si hubo negligencia para prevenir hackeo a la institución . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604184804/https://delfino.cr/2022/06/ccss-investigara-si-hubo-negligencia-para-prevenir-hackeo-a-la-institucion . live .
- Web site: Ciberdelicuentes piden $5 millones en bitcoins a la CCSS . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604184804/https://delfino.cr/2022/06/ciberdelicuentes-piden-5-millones-en-bitcoins-a-la-ccss . live .
- Web site: Supen suspende temporalmente la libre transferencia entre operadoras de pensiones. June 8, 2022 . CRHoy.com. es . June 4, 2022 . https://web.archive.org/web/20220604162209/https://www.crhoy.com/nacionales/supen-suspende-temporalmente-la-libre-transferencia-entre-operadoras-de-pensiones/ . live .
- Web site: CCSS amplía el plazo para que patronos presenten planillas: se extenderá hasta el 10 de junio debido a hackeos . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604185048/https://delfino.cr/2022/06/ccss-amplia-el-plazo-para-que-patronos-presenten-planillas-se-extendera-hasta-el-10-de-junio-debido-a-hackeos . live .
- Web site: Régimen de IVM habilita cuentas y correos para depósito y reporte de pago de créditos . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604185047/https://delfino.cr/2022/06/regimen-de-ivm-habilita-cuentas-y-correos-para-deposito-y-reporte-de-pago-de-creditos . live .
- Web site: 163 establecimientos de la CCSS habilitan líneas telefónicas para consultas de usuarios tras hackeo . June 8, 2022 . delfino.cr . es . June 4, 2022 . https://web.archive.org/web/20220604185048/https://delfino.cr/2022/05/163-establecimientos-de-la-ccss-habilitan-lineas-telefonicas-para-consultas-de-usuarios-tras-hackeo . live .
- Web site: Rodrigo Chaves sobre ciberataques: "Estamos preparando un decreto de emergencia nacional" . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210151/https://delfino.cr/2022/04/rodrigo-chaves-sobre-ciberataques-estamos-preparando-un-decreto-de-emergencia-nacional . live .
- Web site: Cámaras empresariales piden declaratoria de emergencia nacional por situación en aduanas . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210158/https://delfino.cr/2022/05/camaras-empresariales-piden-declaratoria-de-emergencia-nacional-por-situacion-en-aduanas . live .
- Web site: Sistema Costarricense de Información Jurídica . June 8, 2022 . www.pgrweb.go.cr . May 12, 2022 . https://web.archive.org/web/20220512003124/http://www.pgrweb.go.cr/scij/Busqueda/Normativa/Normas/nrm_texto_completo.aspx?param1=NRTC&nValor1=1&nValor2=96886&nValor3=130028&strTipM=TC . live .
- Web site: Chaves afirma que país está en guerra por ataques cibernéticos y que habría ticos ayudando a Conti . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210156/https://delfino.cr/2022/05/chaves-afirma-que-pais-esta-en-guerra-por-ataques-ciberneticos-y-que-habria-ticos-ayudando-a-conti . live .
- Web site: Hackeo de Conti ha afectado pagos de 12 mil docentes, MEP volverá a planilla manual para resolver crisis . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210159/https://delfino.cr/2022/05/hackeo-de-conti-ha-afectado-pagos-de-12-mil-docentes-mep-volvera-a-planilla-manual-para-resolver-crisis . live .
- Web site: Gobierno acuerda sobrepago para cancelar salarios de educadores afectados por cibertaques . June 8, 2022 . delfino.cr . es . May 31, 2022 . https://web.archive.org/web/20220531210156/https://delfino.cr/2022/05/gobierno-acuerda-sobrepago-para-cancelar-salarios-de-educadores-afectados-por-cibertaques . live .
- Web site: Sala IV declara 'con lugar' más de 200 amparos contra el MEP por atraso en pago de salarios. delfino.cr. June 8, 2022. May 31, 2022. https://web.archive.org/web/20220531210156/https://delfino.cr/2022/05/sala-iv-declara-con-lugar-mas-de-200-recursos-de-amparo-contra-el-mep-por-atraso-en-pago-de-salarios. live.
- Web site: MEP y Hacienda pagan más 25 mil movimientos pendientes mediante planilla extraordinaria. June 8, 2022 . www.mep.go.cr . June 9, 2022 . https://web.archive.org/web/20220609074517/https://www.mep.go.cr/noticias/mep-hacienda-pagan-mas-25-mil-movimientos-pendientes-mediante-planilla-extraordinaria . live .
- Web site: July 25, 2023 . Cecilia. Tornaghi. The Dramatic Cyberattack That Put Latin America on Alert . 2023-07-25 . . en-US.