Costa Rica declares national emergency after Conti ransomware attacks

News
By Sead Fadilpašić
published

Multiple Costa Rican government agencies affected by the attack

security
(Image credit: Shutterstock / binarydesign)

The Costa Rican government is under such immense ransomware attack that it has reportedly been forced to declare a state of national emergency. 

BleepingComputer claims that the country’s president Rodrigo Chaves, signed the declaration into law on April 8, the same day he took office.

"The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts," the President was cited as saying.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Demanding $10 million in payment

"We signed the decree so that the country can defend itself from the criminal attack that cybercriminals are making us. That is an attack on the Homeland and we signed the decree to have a better way of defending ourselves," added President Chaves.

So far, it would seem that it’s not a nation-state, or state-sponsored actor behind the attack, but rather a financially motivated group known as UNC1756. The group deployed the Conti ransomware against a number of government endpoints, causing major disruptions in both public and private sectors as government procedures, signatures, and stamps, have all been disrupted. 

Among the affected organizations are the Costa Rican Finance Ministry, the Ministry of Labor and Social Security, the Social Development and Family Allowances Fund, and the Interuniversity Headquarters of Alajuela. 

Read more

> Conti ransomware group has internal chats leaked after siding with Russia

> Windows and LinkedIn flaws used in Conti ransomware attacks, Google warns

> A lone-wolf researcher has turned the table on the hackers

Other agencies, seemingly affected by the disruption, include the Administrative Board of the Electrical Service of the province of Cartago, the Ministry of Science, Innovation, Technology, and Telecommunications, the National Meteorological Institute, Radiographic Costarricense, and the Costa Rican Social Security Fund.

The attack seems to have kicked off in mid-April, with the threat actors allegedly demanding $10 million from the Ministry of Finance. The organization declined to pay the ransom, kicking off a major data dump by the threat actor. 

So far, UNC1756 leaked 97% of its stolen data dump, which counts 672 GB of sensitive information. To make matters worse, the group has threatened future attacks of “a more serious form”, too.

Currently, there’s a bounty on Conti’s leadership and operators. The US government is willing to give $15 million to whoever comes forth with any information that might lead to the identification, locating, and consequently, to the arrest, of these individuals.

Via: BleepingComputer

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.