Hive attacks La Caja Costarricence de Seguro Social (CCSS)

The Hive ransomware gang has attacked La Caja Costarricence de Seguro Social (CCSS). CCSS has confirmed that on Tuesday, May 31, it fell victim to a cyberattack, which is currently under investigation. According to reports, the incident did not impact the databases of EDUS (Unique Digital Health File), SICERE (Centralized Collection System), payrolls, and pensions. As of now, the website is unavailable, and the CCSS (Costa Rican Social Security Fund) has taken down all systems as a preventive measure while conducting necessary analyses to restore critical services. Authorities have stated that they are collaborating with the Ministry of Science and Technology and other entities to recover from the attack. In the meantime, 136 medical centers have established telephone lines to address inquiries and assist users while the systems remain disrupted. Additionally, the Pensions and Credit platform is temporarily out of service. Although the CCSS has not officially confirmed whether the incident involved ransomware, the BleepingComputer website revealed that it obtained access to the ransom note left by the criminals. It has been confirmed that the attack was carried out by the Hive ransomware group, which operates under the ransomware-as-a-service (RaaS) model. The group has been active since mid-2021 and has targeted multiple victims in various Latin American countries, including Brazil and Colombia. Apparently, during the CCSS attack, employees were instructed to shut down their computers and disconnect them from the network after printers started printing at the beginning of the attack. This cyber attack on the Costa Rican Social Security Fund follows the Conti ransomware attack on the Costa Rican Ministry of Finance in April. The Ministry of Finance incident subsequently affected at least seven other public entities, resulting in the disruption of critical services. The situation led the President to declare a state of national emergency due to the wave of attacks. The attackers exfiltrated data before encrypting files on the compromised systems and demanded a $10 million ransom, which the ministry chose not to pay. As part of their extortion strategy, the attackers published a significant number of stolen files on their website.