Ransomware in Costa Rica: Lessons Learned in Public Institutions from a Systems Engineering Perspective
Сохранить в:
| Автор: | |
|---|---|
| Формат: | artículo original |
| Статус: | Versión publicada |
| Дата публикации: | 2026 |
| Описание: | Ransomware is malicious software that encrypts system files and demands payment for the decryption key [1]. Its trajectory has shifted from isolated strains such as CryptoLocker to a fully fledged Ransomware-as-a-Service (RaaS) economy on the darknet, where attack kits are rented to affiliates [2], [3]. Costa Rica stands out as one of the most affected Latin-American countries: successive campaigns between 2019 and 2024 forced the government to declare a national emergency, disrupting public health, finance and customs services [4]. National incident data published by CSIRT-CR confirm a steady rise in reported ransomware events over the same period [5], while losses attributed to the 2022 Conti campaign alone exceeded USD 125 million [6]. This study analyses the tactics, techniques and procedures employed in these attacks, mapping them to the MITRE ATT&CK knowledge base and correlating them with known vulnerability profiles. On this basis, it proposes an integrated defence framework that blends ISO/IEC 27001 controls, the NIST Cybersecurity Framework and Zero-Trust principles, emphasising network segmentation, multifactor authentication, immutable backups and rehearsed incident-response playbooks. The lessons extracted aim to guide public institutions in Latin America toward enhanced cyber-resilience and faster recovery when confronted with modern ransomware threats. |
| Страна: | Portal de Revistas TEC |
| Институт: | Instituto Tecnológico de Costa Rica |
| Repositorio: | Portal de Revistas TEC |
| Язык: | Español |
| OAI Identifier: | oai:ojs.pkp.sfu.ca:article/8130 |
| Online-ссылка: | https://revistas.tec.ac.cr/index.php/tec_marcha/article/view/8130 |
| Ключевое слово: | Ransomware cybersecurity public institutions Costa Rica Zero Trust MITRE ATT&CK ciberseguridad instituciones públicas ingeniería de sistemas |