Marianella Vargas buys special supplies online for her three-year-old son, Felipe, who is autistic, to help him express himself. But since an extensive cyberattack disrupted the Costa Rican government on April 18, she has not been able to receive the visual communication cards and special potty-training shoes she ordered for him. At my son’s age, every day counts for his learning and development,” Vargas told Rest of World

In May, Costa Rica belatedly declared a national emergency, after a crippling ransomware attack the month before by Conti, the Russia-aligned hacking group, which had identified gaps in the country’s public cybersecurity infrastructure. Some government agencies were disrupted for nearly a month, and some digital public platforms, including the Ministry of Finance’s TIC@ and ATV (Virtual Tax Administration), which have a critical role in collecting taxes and paying salaries, are still down in the Central American country. Processes have migrated to pen and paper, resulting in bottlenecks across the public sector. Trade was paralyzed, ordinary citizens still can’t access public services online, private companies are unable to report their earnings or charge the state for their professional services, and thousands of public employees haven’t been paid in full or at all.

On May 31, Costa Rica’s public health system was taken offline, the result of a fresh attack that targeted the country’s social security fund, which could result in delays in medical attention and surgeries.

“Anyone who thinks these attacks are a one-off is wrong,” said Diego González, head of the Cybersecurity Chapter of Costa Rica’s Chamber of Information and Communication Technologies (CAMTIC). “We are witnessing the beginning of an era of unprecedented cyberattacks.” He suggested that the effects seen on the ground in Costa Rica are practice and a prelude to future attacks across the globe.

The cybercriminals started by attacking eight Costa Rican institutions, taking down internal systems and kidnapping their data in exchange for a ransom of $10 million on April 18. The current Costa Rican government took power three weeks into the crisis and announced it would not negotiate with “terrorists.” Conti has since been linked to hacks in at least 30 institutions and has called on the population to rise up against the government. Though public unrest seems unlikely at the moment, the cyberattacks on the public health system suggest that a hack is ongoing, though the government has yet to confirm who is behind these latest attacks.

Cyberattacks on governments are an increasingly common occurrence, with Latin America being particularly prone to attack in the past months. Although the Conti hacking group traditionally aimed for targets in North America and Europe, its interest in other regions is growing. In May, the group claims to have hacked Peru’s National Directorate of Intelligence.

Conti’s hackers demanded a ransom of $20 million on May 14, but lowered it to $15 million six days later, which the government also refused to pay, but the infrastructure collapse in the days after was far more expensive. In the first two days of the attack alone, the Costa Rican Chamber of Foreign Commerce estimated losses of over $125 million. The economy is hemorrhaging an estimated $30 million a day since, according to congresswoman Gloria Navas. Finance minister Nogui Acosta warned that the government isn’t sure if it will be able to balance the books in May and does not know if taxes are being paid correctly, nor what has been spent.

Even now, mayhem continues in the country’s ports. Payroll systems are down, hindering the payment of about tens of thousands of public employees’ salaries.

Heidy Valencia, a 36-year-old Spanish teacher working in the country’s capital, San José, has not been paid in full since February — two months before the attack. Teachers also often pay for additional materials, such as photocopies, out of pocket to help their students. “It has affected me because there is not enough money to cover all my expenses,” Valencia told Rest of World. “It’s been very stressful, which has not helped with my mental health.”

“Many of my colleagues are going through a myriad of hardships. Many are finding it difficult to pay important debts like their mortgages. Some are struggling to cover their basic needs,” she told Rest of World. “I have had to make sacrifices.”

Daniel Jiménez, a 36-year-old microentrepreneur who files taxes for his small software business by himself, said, “The cyberattack has made paying taxes and invoicing income more complicated, because we rely on the Ministry of Finance’s system. … The real support for small business has been accountants.” 

The crisis has galvanized teachers into mobilizing against the government. Valencia is part of the Committee for Immediate Payment, formed after the hack. “We are organizing and working on an agenda to fight this issue,” she said, adding that teachers are waiting to see if they will be paid in full, otherwise they plan to protest in front of the presidential office.  

It was recently reported that Conti appears to have reconstituted itself and is working with smaller hacking organizations, leading analysts to believe that the attack on Costa Rica was motivated by a desire for publicity rather than money.

Jorge Mora, the country’s former Digital Governance director at the Ministry of Science, Innovation, Technology and Telecommunications, suggested that in the last couple of years, Costa Rica had started to make a name for itself in cybersecurity internationally, which may have ironically led Conti to notice it. In 2019, the General Comptroller’s Office published an analysis concerning the weaknesses in the Ministry of Finance’s IT systems, pointing out critical vulnerabilities. “These audit reports contain a lot of detail,” Mora told Rest of World, who was closely involved in the institution’s cybersecurity work just before the attack.  

The Ministry of Finance had hoped to restore some semblance of order by the end of May, but as hospital systems come under attack, foreign trade remains stuck, public employees are threatening strikes, and fiscal disorder reigns across the public administration. 

In the meantime, Felipe’s mother, Vargas, is reusing old colored pictures and garments as she waits for life to get back to normal. “When we talk about hacking, we usually think of state actors or large companies,” Vargas said, “but we also have to consider the families that are being affected by the situation; families that often have needs that must be resolved as soon as possible.”