Ransomware gang threatens to overthrow Costa Rica government

A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat

Via AP news wire
Monday 16 May 2022 21:56
Costa Rica Ransomware
Costa Rica Ransomware

A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat, saying its goal is now to overthrow the government.

Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay a ransom by raising its demand to $20 million.

Chaves suggested Monday in a news conference that the attack was coming from inside as well as outside Costa Rica.

“We are at war and that's not an exaggeration,” Chaves said. He said officials were battling a national terrorist group that had collaborators inside Costa Rica.

Chaves also said the impact was broader than previously known, with 27 government institutions, including municipalities and state-run utilities, affected. He blamed his predecessor Carlos Alvarado for not investing in cybersecurity and for not more aggressively dealing with the attacks in the waning days of his government.

Despite Conti's threat, experts see regime change as a highly unlikely — or even the real goal.

“We haven’t seen anything even close to this before and it’s quite a unique situation,” said Brett Callow, a ransomware analyst at Emsisoft. “The threat to overthrow the government is simply them making noise and not to be taken too seriously, I wouldn’t say.

"However, the threat that they could cause more disruption than they already have is potentially real and that there is no way of knowing how many other government departments they may have compromised but not yet encrypted.”

Conti attacked Costa Rica in April, accessing multiple critical systems in the Finance Ministry, including customs and tax collection. Other government systems were also affected and a month later not all are fully functioning.

Chaves declared a state of emergency over the attack as soon as he was sworn in last week. The U.S. State Department offered a $10 million reward for information leading to the identification or location of Conti leaders.

Conti responded by writing, “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency.”

The gang also said it was raising the ransom demand to $20 million. It called on Costa Ricans to pressure their government to pay.

The attack has encrypted government data and the gang said Saturday that if the ransom wasn’t paid in one week, it would delete the decryption keys.

The U.S. State Department statement last week said the Conti group had been responsible for hundreds of ransomware incidents during the past two years.

“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the statement said.

While the attack is adding unwanted stress to Chaves' early days in office, it's unlikely there was anything but a monetary motivation for the gang.

“I believe this is simply a for-profit cyber attack,” Callow, the analyst said. “Nothing more.”

__

AP writer Christopher Sherman in Mexico City contributed to this report.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in