Costa Rican Gov. Targeted in Conti Cybercriminal Group's Latest Attack

Following a month of devastating ransomware attacks carried out by the Conti cybercriminal group, Costa Rica's newly elected president, Rodrigo Chaves, proclaimed a state of emergency on May 8. The group has gained access to Costa Rican government computers and is holding sensitive information and data hostage. The ransom was first set at $10 million, but it was recently increased to $20 million.

The Costa Rican government classified the incident as "unprecedented" in the country, adding that it was impossible to determine its size.

The ransomware gang claims to have "insiders" within the Costa Rican government. They also stated that they have no other choice but to pay them; that the encryption key will be deleted "within a week" and that it is urging Costa Ricans to put pressure on the government to pay the ransom as soon as possible.

The cyber incident began on April 12, 2022, when the government of then-President Carlos Alvarado revealed an attack on the finance ministry. Since then, cyber-attacks have extended to additional government agencies and institutions. Chaves revealed on May 16 that the attacks had harmed 27 Costa Rican entities. He said that the attacks had harmed the country's overseas trade and tax collections as well.

Peru is yet another victim of the Conti ransomware gang. On May 5, the country's Finance Ministry was targeted by ransomware, which threatened to leak more than 9GB of stolen data.

The governments of Israel, the United States, and Spain are said to have supported Costa Rica in repairing the damage caused by the attacks. Furthermore, the US Department of State announced on May 6 that it is offering a reward of up to $10 million for information leading to the identification and/or location of any individual(s) in a significant leadership role in the Conti ransomware transnational crime group.

According to the US Federal Bureau of Investigation, there were more than 1,000 victims of Conti ransomware assaults as of January 2022, with victim reimbursements totaling more than $150 million. As a result, the Conti Ransomware version is the most expensive ransomware outbreak ever observed.

In the mid-2020s, Conti began to make a name for itself. Exfiltrating data before encrypting it on local hard drives and backups, the gang is infamous for adopting double extortion techniques against its victims, which includes threatening to reveal the material to the public if the ransom is not paid.

At the start of the war in Ukraine in late February 2022, the Russian-based gang declared their support for Russia. They have been prominent actors of cybercrime throughout the world, now specifically targeting countries with sanctions against Russia at a higher volume. At this point in time, there is no slowdown in sight.