Costa Rica Ransomware Attack: Status Updates, Damage and Conti Ransomware Gang Details
A Conti ransomware attack has prompted new Costa Rica President Rodrigo Chaves Robles on his first day in office to declare a state of national emergency.
Chaves, who was inaugurated on May 8, 2022, declared the state of emergency for the country’s entire public sector amid the fallout from the sustained ransomware attack by the Russia-based Conti syndicate, which first hit the Ministry of Finance on April 18, 2022. Since that time, the Treasury has been without network service and has been forced to carry out its affairs manually.
The decree reads:
“The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts.” (via news outlet Ameliarueda.com)
Chaves said the decree is intended to provide a better way for the government to defend itself against the attackers.
For MSPs and MSSPs, the Costa Rica attack is a timely reminder to raise internal as well as customer defenses. To that end, the Cybersecurity and Infrastructure Security Agency (CISA) issued updated MSP and MSSP security guidance on May 11, 2022.
Costa Rica Ransomware Attack: Overall Fallout Unknown
At this point, the Costa Rican government does not know the extent of the hack, and thus far there’s no word on whether the attackers pilfered taxpayer information and customs data. But one of Conti’s affiliates, called “unc1756,” is leaking data stolen from the Costa Rican government because it refused to meet a ransom demand, according to a post on the Conti.News data leak site as seen by Emsisoft. “The purpose of this attack was to earn money, in the future I will definitely carry out [an] attack of a more serious format with a larger team, Costa Rica is a demo version,” reads the statement. (via CyberNews).
The US State Department is dangling a reward of up to $15 million for apprehending the Conti gang: $10 million for information leading to the identification and location of Conti leaders and $5 million for information resulting in the arrest or conviction of a Conti member.
Conti Ransomware Gang: Trail of Digital Destruction
Conti is widely regarded as one of the two most dangerous ransomware families in circulation. In March 2022, Lockbit 2.0 and Conti were responsible for 59 percent of the total attacks reported, with the former accounting for some 96 of the 283 identified incidents and the latter orchestrating 71 hijacks, according to the U.K.-based NCC Group’s monthly Threat Pulse report.
By another measure, the latter half of 2021 saw a massive increase in the number of attacks from Conti, which finished the year at 16.8 percent of all variants, for an increase of 228 percent over 2020, according to Blackfog’s 2021 Annual Ransomware Report.