Gridware Logo

Costa Rica Declares a National Emergency in Ongoing Cyber Attack

Share:

Costa Rica has declared a national emergency following a month of catastrophic ransomware attacks. This measure, which is typically reserved for dealing with natural catastrophes, would allow the government to respond to the situation promptly.

President Rodrigo Chaves, who came into office on Sunday, declared an emergency as one of his first acts. Although it was released on Wednesday, Chaves did not name the members of the National Emergency Commission. The declaration refers to the attack on Costa Rica by “cybercriminals” and “cyberterrorists.”

Conti ransomware group

Conti is a Ransomware-as-a-Service (RaaS) enterprise associated with the Russian-speaking Wizard Spider cybercrime syndicate (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).

According to the FBI, as of January 2022, there had been over 1,000 victims of Conti ransomware assaults, with ransom pay-outs totalling more than US $150,000,000. The Conti Ransomware version is known to be the most expensive strain of ransomware in history.

The US State Department eager to act against Conti

The Conti gang, which spoke Russian, took responsibility for the attack. The US State Department announced a $10 million reward last week for information leading to the identification or whereabouts of Conti leaders.

The damaging attack against Costa Rican government

When the attacks began in April, President Carlos Alvarado declared that Costa Rica would not pay the gang’s demanded ransom of US $10 million. Since then, Conti has been publishing the government’s stolen data on its site as punishment.

The Finance Ministry was the first to notify that several its systems, including tax collection and customs, had been compromised. The human resources system of the social security agency and the Labor Ministry were also targeted.

The Costa Rican government has not reported an expansion of the attack, but key systems, particularly at the Finance Ministry, are still down. The estimated damage caused by the attack is in the hundreds of millions of dollars.

97% of stolen data leaked

Conti’s data leak website was updated to show that the group had leaked 97 percent of the 672 GB data dump, supposedly containing information stolen from federal organisations.

Conti appears to have revealed 97% of the stolen 672 GB data dump (BleepingComputer)

The ransomware group is actively trying to cause alarm in other countries. The gang stated on its website that “Costa Rica is a demo version” and that “more significant attacks will come.” Businesses and individuals are fearful that sensitive information traded with government agencies would be leaked and used against them.

Picture of Ahmed Khanji
Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. He is recognised for his insights into offensive security and emerging technologies such as blockchain, and often contributes to broader cybersecurity conversations across the country. With an extensive background as a security advisor to major Australian enterprises, Ahmed helps organisations navigate the evolving threat landscape with clarity and confidence.

Related Articles​

What Is a Managed Security Service Provider (MSSP)?

Managed Security vs In-House Security Team: Which Makes More Sense for Your Business?

How to Build a Cyber Incident Response Plan for Your Australian Business

Our services

We partner deeply with clients to understand their needs, working closely and iteratively to provide robust, best-in-class security solutions

Learn more about the team at forefront of the Australian Cyber Security scene.

Gridware team
Learn more about our renowned partners and awards.

Expert penetration testing

Incident investigation & remediation

Governance, Audits & Strategy

Simulate real attacks

Security-as-a-service

24x7x365 Security Operations Centre

Comprehensive & proactive security

Harness the benefits of cloud technology

End-to-end security suite

Swift, expert-led incident resolution

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Resources

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

RSPCA logo
Nikon logo

Download our Cyber Governance Factsheet

Network Penetration Testing

Get a quote

Please fill out the form so we accurately can quote your project:

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.

Download our Incident Response Factsheet