In May 2022, social networks and headlines flashed the unthinkable: the internal systems of Costa Rica’s government had been hacked by a cyber-criminal gang demanding $10M in ransom. Multiple systems were disrupted as initially reported. According to Infosecurity Magazine, “The gang claims to have stolen 1TB of data in the attack, including 900GB of databases from a tax administration portal and 100GB of internal documents containing personal information which belong to the Ministry of Finance.”
Days later in 2022, the same group announced that the website of Peru’s National Directorate of Intelligence had also been hacked, and sought ransom for what the group alleges is sensitive data.
Two trends from these 2022 attacks remain clear today:
- Ransomware is here to stay and continues to get more sophisticated.
- Government institutions are becoming easy pickings for hackers, as they typically lack the resources or technical expertise and capabilities to defend their critical digital infrastructure.
Resources and budget are finite and not easy to access. Fortunately, there are ways to strengthen security processes and supplement existing solutions to mitigate the threat of ransomware.
Following these 2022 attacks, Ridge Security offered free RidgeBot licenses to help Costa Rica recover from this incident.
To help the people and government of Costa Rica, we offered free licenses of our automated pentesting solution, RidgeBot. RidgeBot delivers vulnerability analysis and risk mitigation to help organizations and victims survive a ransomware attack. Incident responders can rely on RidgeBot to identify and validate exploitable risks among vast volumes of vulnerabilities, and to respond to and remediate ransomware attacks faster. The security admin is informed of dangerous, successfully exploited vulnerabilities and shown the exact attack path that allowed that system to be compromised. Security admins can then quickly and proactively close all the vulnerabilities in their infrastructure.
Our software comes pre-configured with a template built specifically to combat ransomware attacks and close any window of opportunity for malicious hackers.
The general recommendations from 2022 still apply today to minimize damage from a ransomware attack:
- Institute user behavior analytics to monitor and identify potential security incidents
- Maintain and regularly test isolated backups
- Implement comprehensive employee security training
- Enforce strict access controls (especially MFA)
- Conduct continuous vulnerability assessments
- Segment networks to contain potential breaches
- Aggressively patch all systems and applications
- Monitor for unusual network activity
- Secure or disable high-risk services (RDP, VPN, SMB)
We continue to stand ready to help. Schedule a demo to learn more.