Amid the transfer of power to the new Costa Rican president, the Conti ransomware gang targeted the country in April, demanding a ransom of $10 million. The newly-elected president has now declared a state of emergency, with the Treasury facing downtime since April 18 and hundreds of gigabytes of sensitive government data now in the public domain.
Costa Rica’s newly elected president Rodrigo Chaves declared a national emergency on his first day in office following a ransomware attack on the country by the Conti ransomware gang. Reportedly, multiple government departments were targeted by the Russia-based ransomware syndicate.
Chaves, who took office on May 8, was forced to take the drastic step due to disruptions faced by Costa Rican government departments in the aftermath of the attack. Chaves saidOpens a new window , “The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these criminal acts.â€
The Conti ransomware gang reportedly stole 672 GB of data belonging to Costa Rican government agencies and dumped 97% of it on its leak site. BleepingComputer confirmed the data dump.
Among the agencies/government bodies impacted include Costa Rica’s Ministry of Finance, Ministry of Labor and Social Security, Interuniversity Headquarters of Alajuela, Social Development and Family Allowances Fund, Ministry of Science, Innovation, Technology, and Telecommunications, National Meteorological Institute, Administrative Board of the Electrical Service of the province of Cartago, Costa Rican Social Security Fund, and Radiographic Costarricense.
Costa Rica Data Leak by Conti | Source: BleepingComputerOpens a new window
See More: Chinese APT Group Ran Multi-year Cyber Espionage Operation, Stole U.S. Trade Secrets
The data leak occurred after the Costa Rican government refused to fork out the $10 million ransom demanded by the Conti ransomware gang. The demand was made after the gang targeted the Finance Ministry and other bodies in April, impacting tax collection data and foreign trade. Conti, which had declared support for Russia before it was sabotaged internally, reportedly targeted the Costa Rican government only for a payday.
Conti reiterated this and said the country should’ve paid the ransom instead of turning to “Bid0n and his henchmen.†Executive director at Bellingcat Christo Grozev has previously said Conti is among the threat actors that take orders from Russia’s intelligence agency, the FSB. However, it is unclear whether the April attack and current leak are geopolitically-motivated.
🚨 #ContiOpens a new window ‘s latest message for Costa Rica 👇…#RansomwareOpens a new window #RansomwareGroupOpens a new window #ContileaksOpens a new window #unc1756Opens a new window pic.twitter.com/tIVu3XOvXKOpens a new window
— BetterCyber (@_bettercyber_) May 8, 2022Opens a new window
The Treasury has been facing downtime since April 18, as reported by Amelia Rueda. The declaration of emergency in Costa Rica, as Chaves noted, is to enable the country to defend itself better. Conti has a $15 million bountyOpens a new window on its head by the U.S. State Department ($10 million for identity and location information and $5 million for information leading to arrests).
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!