A ransomware gang that infiltrated some of the Costa Rican government’s computer systems has stepped up its threat, saying it now aims to overthrow the government.
Perhaps because President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to ramp up pressure to pay the ransom by raising the demand to $20 million (about Rs. 155 crores).
Chaves suggested in a news conference Monday that the attack came from both within and outside Costa Rica.
“We are at war, and that is no exaggeration,” Chaves said. He said officials were fighting a national terrorist group with associates in Costa Rica.
Chaves also said the impact was broader than previously known, with 27 government agencies, including municipalities and state-run utilities. He accused his predecessor Carlos Alvarado of failing to invest in cybersecurity and address the attacks more aggressively in the waning days of his administration.
In a message Monday, Conti warned that it was working with people within the government.
“We have our insiders in your government,” the group said. “We are also in the process of accessing your other systems; you have no choice but to pay us. We know you have hired a data recovery specialist, don’t try to find workarounds.”
Despite Conti’s threat, experts view regime change as highly unlikely — if not the real goal.
“We’ve never seen anything like it, and it’s a pretty unique situation,” said Brett Callow, a ransomware analyst at Emsisoft. “The threat of overthrowing the government is that they are making noise and not being taken too seriously, I wouldn’t say.
“However, the threat that they could cause more disruption than they already have is potentially real, and there’s no way of knowing how many other government services they may have compromised but not yet encrypted.”
Conti attacked Costa Rica in April and gained access to multiple critical systems of the Treasury Department, including customs and tax collection. Other government systems were also affected; a month later, not all fully functioned.
Chaves declared a state of emergency over the attack as soon as he was sworn in last week. The US State Department offered a $10 million reward (approximately Rs. 77 crores) for information leading to the identification or location of Conti leaders.
Conti responded by writing: “We are determined to overthrow the government through a cyber attack; we have already shown you all the strength and power; you have introduced an emergency.””
The gang also said it would increase the ransom demand to $20 million. It called on Costa Ricans to put pressure on their government to pay.
The attack encrypted government data, and the gang said on Saturday that if the ransom were not paid within a week, it would delete the decryption keys.
Last week, a US State Department statement said the Conti group was responsible for hundreds of ransomware incidents over the past two years.
The FBI estimates that in January 2022, there were more than 1,000 victims of Conti ransomware-related attacks, with payouts to victims exceeding $150,000,000 (approximately Rs. 1,163 crores), making the Conti Ransomware variant the most expensive form of ransomware that has ever been documented,” the FBI said. Statement said.
While the attack adds unwanted stress to Chaves’ early days in the office, it’s unlikely there was anything other than financial motivation for the gang.
“I believe this is just a for-profit cyberattack,” said Callow, the analyst. “Nothing anymore.”
