Ransomware in Costa Rica: Lessons Learned in Public Institutions from a Systems Engineering Perspective
Guardado en:
| Forfatter: | |
|---|---|
| Format: | artículo original |
| Status: | Versión publicada |
| Fecha de Publicación: | 2026 |
| Beskrivelse: | Ransomware is malicious software that encrypts system files and demands payment for the decryption key [1]. Its trajectory has shifted from isolated strains such as CryptoLocker to a fully fledged Ransomware-as-a-Service (RaaS) economy on the darknet, where attack kits are rented to affiliates [2], [3]. Costa Rica stands out as one of the most affected Latin-American countries: successive campaigns between 2019 and 2024 forced the government to declare a national emergency, disrupting public health, finance and customs services [4]. National incident data published by CSIRT-CR confirm a steady rise in reported ransomware events over the same period [5], while losses attributed to the 2022 Conti campaign alone exceeded USD 125 million [6]. This study analyses the tactics, techniques and procedures employed in these attacks, mapping them to the MITRE ATT&CK knowledge base and correlating them with known vulnerability profiles. On this basis, it proposes an integrated defence framework that blends ISO/IEC 27001 controls, the NIST Cybersecurity Framework and Zero-Trust principles, emphasising network segmentation, multifactor authentication, immutable backups and rehearsed incident-response playbooks. The lessons extracted aim to guide public institutions in Latin America toward enhanced cyber-resilience and faster recovery when confronted with modern ransomware threats. |
| País: | Portal de Revistas TEC |
| Institution: | Instituto Tecnológico de Costa Rica |
| Repositorio: | Portal de Revistas TEC |
| Sprog: | Español |
| OAI Identifier: | oai:ojs.pkp.sfu.ca:article/8130 |
| Online adgang: | https://revistas.tec.ac.cr/index.php/tec_marcha/article/view/8130 |
| Palabra clave: | Ransomware cybersecurity public institutions Costa Rica Zero Trust MITRE ATT&CK ciberseguridad instituciones públicas ingeniería de sistemas |