Costa Rica’s newly elected president, Rodrigo Chaves, declared a state of emergency on 8 May following a month of devastating ransomware attacks carried out by the Conti ransomware gang.
The gang has infiltrated Costa Rican government systems and is holding data to ransom. Originally the ransom stood at $10mn but has recently increased to $20mn.
The Costa Rican government has described the attack as “unprecedented” in the country, adding that it is impossible to know its magnitude.
In a message on 16 May highlighted by cyber security company BetterCyber, the ransomware gang said it has “insiders” within the Costa Rican government. It also said there is no other option than to pay them.
Conti also said it will delete the encryption key “in a week” and that it appeals to residents of Costa Rica to pressure the government to pay the ransom as soon as possible.
The cyber incident originated on 12 April 2022 when then-president Carlos Alvarado’s government confirmed an attack against the finance ministry. Cyber attacks have since spread to other government institutions and authorities.
On 16 May, Chaves confirmed that 27 Costa Rican institutions had been affected by the attacks. He said that the attacks have impacted foreign trade and tax collections in the country.
It is understood that the governments of Israel, the US and Spain have aided Costa Rica in order to repair the damage inflicted by the attacks.
Moreover, on 6 May, the US Department of State said it is offering a reward of up to $10mn for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware transnational crime group.
The US Federal Bureau of Investigation estimates that as of January 2022, there were more than 1,000 victims of attacks associated with Conti ransomware, with victim payouts exceeding $150mn. This makes the Conti ransomware variant the costliest strain of ransomware ever documented.
Another victim of the Conti ransomware gang is Peru. The country’s Finance Ministry was attacked on 5 May and the ransomware gang threatened to release over 9Gb of stolen data.
Conti began making a name for itself in mid-2020. The group is known for using double extortion tactics against its victims, which include exfiltrating data before encrypting it on local hard drives and backups, then threatening to release the data to the public if the ransom is not met.
The Russia-based gang announced full support for Moscow at the beginning of the war in Ukraine in late February 2022.