Ransomware gang threatens to overthrow Costa Rica government

A ransomware group that infiltrated several Costa Rican government computer systems has escalated its threat, declaring that its new goal is to overthrow the government.

Perhaps capitalizing on the fact that President Rodrigo Chaves had been in power for just a week, the Russian-speaking Conti gang raised its ransom demand to $20 million.

In a news conference on Monday, Chaves suggested that the attack could have originated both inside and outside of Costa Rica.

Chaves further stated that the damage was larger than previously thought, affecting 27 government entities, including municipalities and state-run utilities. He faulted his predecessor, Carlos Alvarado, for not investing in cybersecurity and not dealing with the attacks more vigorously in the final days of his administration.

Despite Conti’s threat, experts believe regime change is exceedingly unlikely, and not the group’s ultimate goal.

“We haven’t seen anything even close to this before and it’s quite a unique situation,” said Brett Callow, a ransomware analyst at Emsisoft. “The threat to overthrow the government is simply them making noise and not to be taken too seriously, I wouldn’t say.”

Conti launched an attack on Costa Rica in April, gaining access to several vital systems in the Finance Ministry, including customs and tax collection. Other government systems were also impacted, and only now, a month later, are they fully operational.

As soon as he was inaugurated last week, Chaves proclaimed a state of emergency in response to the attack. The State Department of the United States announced a $10 million reward for information leading to the identification or location of Conti leaders.

Conti answered by saying, “We are determined to overthrow the government by means of a cyber-attack; we have already shown all of the might and power, and you have introduced an emergency.”

The group also announced an increase in the ransom demand to $20 million. It urged Costa Ricans to put pressure on their government to pay.

The hack has encrypted government data, and the gang claimed Saturday that if the ransom is not paid in one week, the decryption keys will be deleted.

According to a statement issued by the US State Department last week, the Conti group was responsible for hundreds of ransomware incidents over the last two years.

“As of January 2022, the FBI estimates that there had been over 1,000 victims of Conti ransomware attacks, with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the release claimed.

While the incident has added unnecessary stress to Chaves’ early days in office, it is unlikely that the group was motivated by anything other than monetary gain.