Costa Rica Declares a National Emergency in Ongoing Cyber Attack


Share on facebook
Share on twitter
Share on linkedin

Costa Rica has declared a national emergency following a month of catastrophic ransomware attacks. This measure, which is typically reserved for dealing with natural catastrophes, would allow the government to respond to the situation promptly.

President Rodrigo Chaves, who came into office on Sunday, declared an emergency as one of his first acts. Although it was released on Wednesday, Chaves did not name the members of the National Emergency Commission. The declaration refers to the attack on Costa Rica by “cybercriminals” and “cyberterrorists.”

Conti ransomware group

Conti is a Ransomware-as-a-Service (RaaS) enterprise associated with the Russian-speaking Wizard Spider cybercrime syndicate (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).

According to the FBI, as of January 2022, there had been over 1,000 victims of Conti ransomware assaults, with ransom pay-outs totalling more than US $150,000,000. The Conti Ransomware version is known to be the most expensive strain of ransomware in history.

The US State Department eager to act against Conti

The Conti gang, which spoke Russian, took responsibility for the attack. The US State Department announced a $10 million reward last week for information leading to the identification or whereabouts of Conti leaders.

The damaging attack against Costa Rican government

When the attacks began in April, President Carlos Alvarado declared that Costa Rica would not pay the gang’s demanded ransom of US $10 million. Since then, Conti has been publishing the government’s stolen data on its site as punishment.

The Finance Ministry was the first to notify that several its systems, including tax collection and customs, had been compromised. The human resources system of the social security agency and the Labor Ministry were also targeted.

The Costa Rican government has not reported an expansion of the attack, but key systems, particularly at the Finance Ministry, are still down. The estimated damage caused by the attack is in the hundreds of millions of dollars.

97% of stolen data leaked

Conti’s data leak website was updated to show that the group had leaked 97 percent of the 672 GB data dump, supposedly containing information stolen from federal organisations.

Conti appears to have revealed 97% of the stolen 672 GB data dump (BleepingComputer)

The ransomware group is actively trying to cause alarm in other countries. The gang stated on its website that “Costa Rica is a demo version” and that “more significant attacks will come.” Businesses and individuals are fearful that sensitive information traded with government agencies would be leaked and used against them.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.