SecureWorld News

Costa Rica Declares State of Emergency After Conti Ransomware Attack

Written by Drew Todd | Thu | May 12, 2022 | 10:13 PM Z

Newly elected Costa Rican President Rodrigo Chaves declared a state of emergency after several government agencies were hit with ransomware.

Conti threat actors gained access to the Finance Ministry on April 12, which eventually allowed them to access other government agencies, including the Ministry of Science, Technology and Telecommunications, and the National Meteorological Institute.

The official declaration of the state of emergency says the attack is "unprecedented in the country" and has crippled the government's ability to operate, as well as the national economy, as the attack disrupted tax collection and exposed the personal information of its citizens.

Conti leaks stolen Costa Rican data, hints at future attacks

The attackers demanded a $10 million payment from the Costa Rican government in exchange for not releasing any of the stolen information on the Dark Web. The government declined, as they should have, which led Conti to upload 97% of the data to its leak site—approximately 672 GB of data from various government agencies.

Bleeping Computer shared a screenshot of the leak site, which contained a message from the threat actor behind the attack, who had some interesting things to say:

"It is impossible to look at the decisions of the administration of the President of Costa Rica without irony, all this could have been avoided by paying, you would made your country really safe, but you will turn to Bid0n and his henchmen, this old fool will soon die. You also need to know no organized team was created for this attack, no government of other countries finalized this attack, everything was carried out by me with a successful affiliate, my name is unc1756. 

The purpose of this attack was to earn money, in the future I will definitely carry out attacks of a more serious form at with a larger team, Costa Rica is a demo version."

Bleeping Computer also reported that it had not fully analyzed the data, but that the leak appears to include source code and SQL databases belonging to government websites.

'unc1756' sounds pretty serious in the post. Who could his next target be?

U.S. offers reward for Conti threat actors

Conti is a Russian-affiliated ransomware gang that has been responsible for hundreds of incidents across the globe in the last couple of years. The FBI estimates there are more than 1,000 victims of Conti, with payments totaling more than $150 million, which makes it the costliest ransomware strain ever.

In an effort to fight back against Conti, or in this case unc1756, the Department of State is offering rewards of up to $10 million "for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Conti ransomware variant transnational organized crime group."

The U.S. says it is also offering a reward of up to $5 million for information leading to the arrest of any individual who is even attempting to participate in Conti's cybercrimes.