The new president of Costa Rica, Rodrigo Chaves Robles (who began a four-year term as president after winning the country’s April 4 election) signed the declaration of a national emergency over the weekend as fallout continues from a late-April ransomware attack.
According to the AP, the notorious Russian-aligned Conti ransomware gang has claimed this week that it has insiders in the Costa Rican government, warning that “they are determined to overthrow the government by means of a cyber attack. They have already shown all the strength and power and you have introduced an emergency.”
Costa Rica Declares State of Emergency Due to Ransomware Attacks
In a post on Russian-based Conti’s dark web portal, someone calling themselves “unc1756” claimed responsibility for the April 17 attacks, which also affected other Costa Rican agencies, including the Ministry of Labor and Social Security; the Ministry of Science, Innovation, Technology, and Telecommunications; and the National Meteorological Institute. The full extent of the damage is still not known days later.
The same post states that 97% of the stolen data (more than 672 gigabytes) has been published, and criticizes the Costa Rican government for refusing to pay the $10 million ransom.
President Carlos Alvarado later said this was an attempt to “threaten the country’s stability in a transitional situation.”
Around 9.5 gigabytes of data was also taken from Peru’s intelligence agency shortly after the Costa Rican leak. Although one of the files in that dump was named “unc1756,” it is not clear whether the same people were behind it.
The only official response so far is the US State Department’s offer of a $15 million reward for the capture of the Conti ransomware gang’s leaders, plus $5 million for information that helps in the arrest and/or conviction of those taking part; the gang has reportedly made over $150 million from more than 1,000 victims.
Experts such as Brett Callow, an analyst at Emsisoft, doubt that any regime change will occur or that political ambitions are a priority for these gangs, and regard such threats as noise not to be taken seriously.
So, how do the Conti ransomware gang and similar groups operate?
Thoughts About Russian-backed Conti Ransomware Gang
Conti is now considered a top-tier Russian-speaking ransomware group. Its specialization in double-extortion ransomware makes it one of the most ruthless in the game.
This is a take-no-prisoners approach in which the group threatens to expose the stolen data, or use it in future attacks, if victims don’t pay before the deadline. But what makes Conti frightening is how it uses the Ransomware-as-a-Service (RaaS) model.
The core developers maintain the malware source code and the online leak portal, while a vast network of affiliates and access brokers do the dirty work of carrying out the attacks and splitting the proceeds with the core group.
Their success rate is quite high, given how damaging a leak of sensitive data from hospitals or law-enforcement agencies can be. In the most recent and controversial case yet, they likely hold employees’ login credentials for Costa Rican government sites.
That poses a major threat to citizens in both the short and long term if more Conti activity follows, and it may, since the group posted a message on its news portal saying “the attack is merely a demo version, solely motivated by financial gain as well as general political disgust.”
Today’s read has been quite political, so you may ask: how does this affect me in the US, outside of any government position?
The uncomfortable truth is that ransomware gangs don’t exclusively target political entities.
They make far more money, and get away with it more often, by targeting small, mid-sized, and large businesses. And I’m guessing you run one right now.
If you do, then it’s clear this affects you as well.
That’s why we’ve decided to offer free advice to any business owner who needs it.
Just ask us the questions you have and our MyITGuy experts will jump right in to help you.