Cyber Incident Victim: Junta de Protección Social
Date:
Apr 2022
Location:
Costa Rica
Summary
The LockBit ransomware group leaked approximately 7.8 GB of data allegedly stolen from a Costa Rican social protection agency responsible for public health programs, poverty relief, and lottery services. The breach involved unauthorized access to sensitive organizational files, with the attackers encrypting systems and threatening public data exposure unless a ransom was paid. This incident disrupted critical social welfare operations and compromised information related to vulnerable populations supported by the agency.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around April 24, 2022, the Lockbit ransomware group allegedly executed a cyberattack against Costa Rica’s Junta de Proteccion Social (JPS), a government entity responsible for social welfare programs including public health initiatives, lottery operations, and cemetery management. Evidence of the breach emerged on September 1, 2022, when the Twitter account @_bettercyber_ (BetterCyber) reported that Lockbit had published a file tree containing a 7.8 GB compressed archive purportedly exfiltrated from JPS systems. The file metadata within the leaked data indicated the intrusion occurred approximately five months prior. Lockbit, an established ransomware-as-a-service operation active since 2019, typically encrypts victim data and threatens public release unless ransom demands are met. The group’s inclusion of JPS data in their leak site suggested unsuccessful extortion attempts or a tactical decision to publicly demonstrate operational success.
The compromised data’s 7.8 GB volume implied significant exposure of JPS operational records, though specific content details were not disclosed in available reports. As an agency managing poverty alleviation programs, lottery revenue distribution, and cemetery services, a breach of JPS systems risked exposing sensitive citizen data and disrupting critical social services. The incident occurred amid a broader ransomware campaign targeting Costa Rican institutions, though the article does not specify containment measures, forensic findings, or recovery actions taken by JPS. Lockbit’s infrastructure enabled persistent access to victim networks, suggesting potential prolonged compromise prior to data exfiltration. The delayed public disclosure between the April intrusion and September data leak followed common ransomware group practices of allowing negotiation periods before publishing stolen information. No official statements from JPS regarding system restoration, legal notifications, or financial impacts were referenced in the source material.