The ransomware group Conti has threatened to overthrow the Costa Rican government after demanding the country pay $10 million last week to unlock key government systems affected by a cyber attack.
The group has now increased the pressure on the Costa Rican government to pay a ransom by raising its demand to $20 million, according to the AP. However, it remains unclear as to why the ransomware group is targeting this country in particular.
The attack is coming from inside and outside Costa Rica, President Rodrigo Chaves said in a news conference yesterday. He underlined the country was at war and that officials were battling a national terrorist group that had collaborators inside the country too.
The president added that the cyber attack’s impact was broader than initially suggested, affecting 27 government institutions, including state-run utilities. Chaves, who has been in his role for just over a week, blamed former president Carlos Alvarado for not investing enough in cyber security and for not dealing with the attacks in the last days of his government.
Conti warned Costa Rica that it has insiders in the government, the group said in a message posted yesterday. It emphasised that the country has less than a week left to pay the ransom before it destroys the keys to unlocking the devices affected by its ransomware. The group added that it knew the government had hired a data recovery specialist and warned it not to find workarounds.
“I once again appeal to the residents of Costa Rica go out on the street and demand payment,” said the message from Conti. “Another attempt to get in touch through other services will be punished by deleting the key.”
On 14 May, the ransomware group published a post titled “For Costa Rica and US terrorists (Biden and his administration)” where it urged the country to pay before it was too late. It highlighted that the country was destroyed by two people and that Conti was determined to overthrow the government by means of a cyber attack.
The group then updated this message on the same day, changing it to a more conciliatory tone. It asked why the country wouldn’t just buy a key, and questioned whether there had been cases where a country has entered a state of emergency following a cyber attack.
“I appeal to every resident of Costa Rica, go to your government and organise rallies so that they would pay us as soon as possible,” said the message. “If your current government cannot stabilise the situation? Maybe it’s worth changing it?”
President Chaves declared a state of emergency on 8 May after Costa Rica was hit by Conti ransomware in April. The full impact of the attack was initially unknown, although it did affect the Treasury, leaving it without digital services and having to resort to manual processes to complete its work. Conti asked for a $10 million ransom and underlined that around 97% of the data it had taken had been published, with around 672GB of information taken.
-
Kaseya targets new growth with double C-suite appointmentNews Anthony Anzevino joins the security vendor as chief revenue officer, while Pratik Wadher takes the role of chief technology officer
-
Mobile app security is a huge blind spot for developer teamsNews Organizations are overconfident about their mobile app security practices, according to new research, and it’s putting enterprises and consumers alike at risk.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
‘Hugely significant’: Experts welcome UK government plans to back down in Apple encryption battle – but it’s not quite over yetNews Tulsi Gabbard, US director of national intelligence, has confirmed the UK plans to back down on plans that would see Apple forced to create a "back door" for authorities.
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
