QCOSTARICA — The State refinery, the Refinadora Costarricense de Petroleo (RECOPE), whose website was hacked last week, is being held to ransom for US$5 million in exchange for the encryption key to access the website.
The Ministry of Science, Technology and Innovation (MICITT), which has been working with RECOPE to establish its website, acknowledged that the attackers are asking for a ransom.
MICITT Minister Paula Bogantes indicated that this attack was carried out by the same group that hit the Repretel website and other Mexican sites. “Security attacks are increasing every year, but above all there are peaks during the end of the year and the beginning of the year,” said the minister.
Earlier this year, Costa Rica’s immigration service (Dirección General de Migración y Extranjería – DGEM) was successful in repelling an attempted intrusion.
How does ransomware operate?
The attack on RECOPE was a ransomware attack, in which the attacker gains access to the victim's network and installs malicious encryption software on it, locking devices and encrypting the data.
The attacker then demands money (a ransom) to restore access by handing over the encryption key, or goes further by both encrypting and exfiltrating the data and threatening to expose it to the public. That would be double extortion.
Once the data is encrypted, the attackers leave a ransom note; in the case of the RECOPE hack, the demand is US$5 million.
In the case of RECOPE, Bogantes pointed out that, although the hackers were able to access and encrypt the data on the RECOPE servers, the company had previously attended to all the security measures and had a backup of the information.
In this case the information was not lost, though the attacker could, as explained above, publicly expose (leak) the information if the ransom is not paid.
Minister Bogantes added that the MICITT is currently working with United States government experts to identify how the RECOPE intrusion occurred.
“There may be several possibilities: an employee who clicked on malicious software, a program update without installing a patch, or a direct attack on the web,” said Bogantes.
Rico