Ransomware group Conti threatens to overthrow Costa Rican government

A person at a computer looking dejected with one hand on their head staring at computer code

(Image credit: Getty Images)

published 17 May 2022

The ransomware group Conti has threatened to overthrow the Costa Rican government after demanding the country pay $10 million last week to unlock key government systems affected by a cyber attack.

The group has now increased the pressure on the Costa Rican government to pay a ransom by raising its demand to $20 million, according to the AP. However, it remains unclear as to why the ransomware group is targeting this country in particular.

Costa Rica declares state of emergency following Conti ransomware attack Conti ransomware gang data leaked by Ukrainian cyber researcher Conti source code leaked by Ukrainian researcher

The attack is coming from inside and outside Costa Rica, President Rodrigo Chaves said in a news conference yesterday. He underlined the country was at war and that officials were battling a national terrorist group that had collaborators inside the country too.

The president added that the cyber attack’s impact was broader than initially suggested, affecting 27 government institutions, including state-run utilities. Chaves, who has been in his role for just over a week, blamed former president Carlos Alvarado for not investing enough in cyber security and for not dealing with the attacks in the last days of his government.

Conti warned Costa Rica that it has insiders in the government, the group said in a message posted yesterday. It emphasised that the country has less than a week left to pay the ransom before it destroys the keys to unlocking the devices affected by its ransomware. The group added that it knew the government had hired a data recovery specialist and warned it not to find workarounds.

“I once again appeal to the residents of Costa Rica go out on the street and demand payment,” said the message from Conti. “Another attempt to get in touch through other services will be punished by deleting the key.”

On 14 May, the ransomware group published a post titled “For Costa Rica and US terrorists (Biden and his administration)” where it urged the country to pay before it was too late. It highlighted that the country was destroyed by two people and that Conti was determined to overthrow the government by means of a cyber attack.

The group then updated this message on the same day, changing it to a more conciliatory tone. It asked why the country wouldn’t just buy a key, and questioned whether there had been cases where a country has entered a state of emergency following a cyber attack.

“I appeal to every resident of Costa Rica, go to your government and organise rallies so that they would pay us as soon as possible,” said the message. “If your current government cannot stabilise the situation? Maybe it’s worth changing it?”

President Chaves declared a state of emergency on 8 May after Costa Rica was hit by Conti ransomware in April. The full impact of the attack was initially unknown, although it did affect the Treasury, leaving it without digital services and having to resort to manual processes to complete its work. Conti asked for a $10 million ransom and underlined that around 97% of the data it had taken had been published, with around 672GB of information taken.

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.