Close this search box.

Costa Rica Declares a National Emergency in Ongoing Cyber Attack


Costa Rica has declared a national emergency following a month of catastrophic ransomware attacks. This measure, which is typically reserved for dealing with natural catastrophes, would allow the government to respond to the situation promptly.

President Rodrigo Chaves, who came into office on Sunday, declared an emergency as one of his first acts. Although it was released on Wednesday, Chaves did not name the members of the National Emergency Commission. The declaration refers to the attack on Costa Rica by “cybercriminals” and “cyberterrorists.”

Conti ransomware group

Conti is a Ransomware-as-a-Service (RaaS) enterprise associated with the Russian-speaking Wizard Spider cybercrime syndicate (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).

According to the FBI, as of January 2022, there had been over 1,000 victims of Conti ransomware assaults, with ransom pay-outs totalling more than US $150,000,000. The Conti Ransomware version is known to be the most expensive strain of ransomware in history.

The US State Department eager to act against Conti

The Conti gang, which spoke Russian, took responsibility for the attack. The US State Department announced a $10 million reward last week for information leading to the identification or whereabouts of Conti leaders.

The damaging attack against Costa Rican government

When the attacks began in April, President Carlos Alvarado declared that Costa Rica would not pay the gang’s demanded ransom of US $10 million. Since then, Conti has been publishing the government’s stolen data on its site as punishment.

The Finance Ministry was the first to notify that several its systems, including tax collection and customs, had been compromised. The human resources system of the social security agency and the Labor Ministry were also targeted.

The Costa Rican government has not reported an expansion of the attack, but key systems, particularly at the Finance Ministry, are still down. The estimated damage caused by the attack is in the hundreds of millions of dollars.

97% of stolen data leaked

Conti’s data leak website was updated to show that the group had leaked 97 percent of the 672 GB data dump, supposedly containing information stolen from federal organisations.

Conti appears to have revealed 97% of the stolen 672 GB data dump (BleepingComputer)

The ransomware group is actively trying to cause alarm in other countries. The gang stated on its website that “Costa Rica is a demo version” and that “more significant attacks will come.” Businesses and individuals are fearful that sensitive information traded with government agencies would be leaked and used against them.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →