Costa Rica had to declare a national emergency due to Conti attack

Cyber attacks by Conti ransomware on multiple government institutions forced the country to declare a national emergency

Costa Rican government agencies suffered form cyber attacksUp to 97% of the stolen data from Costa Rican government agencies have been published by Conti ransomware gang

Costa Rican government computer systems have been disrupted by ransomware. Conti ransomware gang claimed responsibility for these incidents.[1] The intrusion has compromised the tax collection, importation, and exportation systems. Shutdowns were caused all over the country, and the Conti gang leaked around 50% of the stolen data.[2] Out of the information, a big part was from the Finance Ministry.

Multiple reports noted the Conti ransomware attacks and the 672 GB dump of the data that belonged to government agencies.[3] The President of Costa Rica, Rodrigo Chaves, signed the law on Sunday, May 8th, and declared a national emergency. On the same day, this economist and former Minister of Finance became the 49th president of the country.

The demand was asked when the initial attack affected the systems, but the government insisted on not paying the asked demands. criminals demanded up to $10 million. Conti ransomware[4] gang has been leaking data from the stolen databases, and it has already published 97% of the data allegedly containing information stolen from Costa Rican government agencies.

The final consequences and losses are still unknown

The public body has suffered damages due to this Conti ransomware cyberattack. The Ministry of Finance has not yet evaluated the scope of issues that the security incident created. It is still unknown to what extent taxpayers' information about payments, custom details, and other information from accessed systems have been affected.

Conti ransomware gang affected the Costa Rican Finance Ministry, The Ministry of Labor and Social Security, The SOcial Development and Family Allowances Fund, and The Interuniversity headquarters of Alajuela. The stolen data includes the source code and SQL databases obtained from government websites.

It was first speculated that attacks have been launched by the nation-state hackers, but the Conti threat actor UNC1756 and other affiliates claimed the responsibility for the incident.[5] The promise of later attacks in more serious form was also released last month by them.

The time needed to defend the country from criminal attack

Costa Rica suffers attacks from cybercriminals, and many officials have spoken on the matter and the declaration of a national emergency. Since the 18th of April, many agencies and systems have been unavailable due to the procedures the government needs to take. Signature and stamp services have been disrupted.[6]

We signed the decree so that the country can defend itself from the criminal attack that cybercriminals are making us. That is an attack on the Homeland and we signed the decree to have a better way of defending ourselves

Conti attack significantly impacted the Administrative Board of Electrical Service of the province of Cartago, the Ministry of Science, Innovation, Technology, Telecommunications, national Meteorological Institute, Radiography Costarricense, and Costa Rican Social Security Fund.

The officials from the US have confirmed the offer to reward anyone that can provide details on the Conti ransomware operators and leadership. The identification and arrests of these criminals could be rewarded for up to $15 million. The Department of State offers up to $10 million for information on the identity or the location of these threat actors. An additional $5 million bounty is for leading to the conviction of these individuals responsible for these major ransomware attacks across the world.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions