National Emergency Declared by Costa Rica Following Conti Cyberattacks
Conti’s Operations Go On!
Following cyber-attacks by the Conti ransomware organization on numerous government bodies, Costa Rican President Rodrigo Chaves has declared a national emergency.
According to the BleepingComputer publication, Conti also published the majority of the 672 GB dump, which looks to contain data from Costa Rican government entities.
Cyberattacks Led to National Emergency in Costa Rica
Costa Rica’s newly elected President Chaves declared a national emergency on Sunday, May 8th, the reason for this action being continuous Conti ransomware cyberattacks.
Last month, the Conti ransomware claimed a ransomware strike targeting Costa Rican government entities.
The Costa Rican Social Security Fund (CCSS), the country’s public health organization, previously said that:
A perimeter security review is being carried out on the Conti Ransomware, to check and avoid possible attacks at the CCSS level.
Conti’s data leak site, according to BleepingComputer, was updated yesterday to indicate that the group had exposed 97 percent of the 672 GB data dump reportedly containing data taken from government agencies.
The Ministry of Finance was the first government entity to be impacted by Conti’s malware, and it has yet to thoroughly assess the scale of the security problem or the extent to which taxpayers’ information, payments, and customs systems have been disrupted.
Conti had previously requested a $10 million ransom from the Ministry, which the government had refused.
What Government Entities Were Allegedly Impacted?
As BleepingComputer further says, Conti’s leak site now identifies the following governments as being affected by the attack:
- Ministerio de Hacienda, Costa Rica’s Finance Ministry;
- Ministry of Labor and Social Security also known under MTSS;
- The Social Development and Family Allowances Fund or shortly FODESAF;
- SIUA, Alajuela’s Interuniversity Headquarters.
Rather than blaming nation-state hackers, Conti threat actor “UNC1756” and their associates have claimed sole responsibility for the cyberattack. The threat actor has said to carry out more serious strikes in the future.
According to Amelia Rueda, who first reported on the development, the President’s executive order No. 42542 declares an emergency:
The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts.
The Treasury’s digital services have been inaccessible since April 18th, hurting the entire “productive sector” due to the disruption of government procedures, signatures, and stamps, according to Amelia Rueda news outlet.
Conti’s attacks have also impacted the following agencies: the Ministry of Science, Innovation, Technology, and Telecommunications, the National Meteorological Institute (IMN), Radiographic Costarricense (Racsa), the Administrative Board of the Electrical Service of the Province of Cartago (Jasec) and the Costa Rican Social Security Fund (CCSS).
The US Department of State has committed to pay up to $10 million for information on the threat actors’ identities and whereabouts, with an additional $5 million reward for information leading to the arrest and/or conviction of those responsible for the assaults.
Conti Ransomware: Short Background
Conti is a ransomware-as-a-service (RaaS) group associated with the Russian-speaking cybercrime organization Wizard Spider. Wizard Spider is also associated with other malware like Ryuk or TrickBot.
Ireland’s Health Service Executive (HSE) and Department of Health (DoH) are among the cybercrime gang’s victims.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.