Costa Rica has declared a national emergency following a month of catastrophic ransomware attacks. This measure, which is typically reserved for dealing with natural catastrophes, would allow the government to respond to the situation promptly.
President Rodrigo Chaves, who came into office on Sunday, declared an emergency as one of his first acts. Although the declaration was released on Wednesday, Chaves did not name the members of the National Emergency Commission. The declaration refers to the attack on Costa Rica by “cybercriminals” and “cyberterrorists.”
Conti ransomware group
Conti is a Ransomware-as-a-Service (RaaS) enterprise associated with the Russian-speaking Wizard Spider cybercrime syndicate (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).
According to the FBI, as of January 2022, there had been over 1,000 victims of Conti ransomware attacks, with ransom pay-outs totalling more than US $150,000,000. Conti is known as the most expensive strain of ransomware in history.
The US State Department eager to act against Conti
The Russian-speaking Conti gang claimed responsibility for the attack. The US State Department announced a $10 million reward last week for information leading to the identification or whereabouts of Conti leaders.
The damaging attack against the Costa Rican government
When the attacks began in April, President Carlos Alvarado declared that Costa Rica would not pay the gang’s demanded ransom of US $10 million. Since then, Conti has been publishing the government’s stolen data on its site as punishment.
The Finance Ministry was the first to report that several of its systems, including tax collection and customs, had been compromised. The human resources system of the social security agency and the Labor Ministry were also targeted.
The Costa Rican government has not reported an expansion of the attack, but key systems, particularly at the Finance Ministry, are still down. The estimated damage caused by the attack is in the hundreds of millions of dollars.
97% of stolen data leaked
Conti’s data leak website was updated to show that the group had leaked 97 percent of the 672 GB data dump, supposedly containing information stolen from federal organisations.
The ransomware group is actively trying to cause alarm in other countries. The gang stated on its website that “Costa Rica is a demo version” and that “more significant attacks will come.” Businesses and individuals fear that sensitive information exchanged with government agencies will be leaked and used against them.