Ransomware group Conti threatens to overthrow Costa Rican government
It has urged citizens to go out onto the streets to demand their government pays the ransomware demand


The ransomware group Conti has threatened to overthrow the Costa Rican government after demanding the country pay $10 million last week to unlock key government systems affected by a cyber attack.
The group has now increased the pressure on the Costa Rican government to pay a ransom by raising its demand to $20 million, according to the AP. However, it remains unclear as to why the ransomware group is targeting this country in particular.
The attack is coming from inside and outside Costa Rica, President Rodrigo Chaves said in a news conference yesterday. He underlined the country was at war and that officials were battling a national terrorist group that had collaborators inside the country too.
The president added that the cyber attack’s impact was broader than initially suggested, affecting 27 government institutions, including state-run utilities. Chaves, who has been in his role for just over a week, blamed former president Carlos Alvarado for not investing enough in cyber security and for not dealing with the attacks in the last days of his government.
Conti warned Costa Rica that it has insiders in the government, the group said in a message posted yesterday. It emphasised that the country has less than a week left to pay the ransom before it destroys the keys to unlocking the devices affected by its ransomware. The group added that it knew the government had hired a data recovery specialist and warned it not to find workarounds.
“I once again appeal to the residents of Costa Rica go out on the street and demand payment,” said the message from Conti. “Another attempt to get in touch through other services will be punished by deleting the key.”
On 14 May, the ransomware group published a post titled “For Costa Rica and US terrorists (Biden and his administration)” where it urged the country to pay before it was too late. It highlighted that the country was destroyed by two people and that Conti was determined to overthrow the government by means of a cyber attack.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The group then updated this message on the same day, changing it to a more conciliatory tone. It asked why the country wouldn’t just buy a key, and questioned whether there had been cases where a country has entered a state of emergency following a cyber attack.
“I appeal to every resident of Costa Rica, go to your government and organise rallies so that they would pay us as soon as possible,” said the message. “If your current government cannot stabilise the situation? Maybe it’s worth changing it?”
President Chaves declared a state of emergency on 8 May after Costa Rica was hit by Conti ransomware in April. The full impact of the attack was initially unknown, although it did affect the Treasury, leaving it without digital services and having to resort to manual processes to complete its work. Conti asked for a $10 million ransom and underlined that around 97% of the data it had taken had been published, with around 672GB of information taken.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime
News A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
-
Everything we know about the Ingram Micro cyber attack so far
News A cyber attack on Ingram Micro severely disrupted operations and has been claimed by the SafePay ransomware group.
-
A prolific ransomware group says it’s shutting down and giving out free decryption keys to victims – but cyber experts warn it's not exactly a 'gesture of goodwill'
News The Hunters International ransomware group is rebranding and switching tactics
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
‘A huge national security risk’: Thousands of government laptops, tablets, and phones are missing and nowhere to be found
News A freedom of information disclosure shows more than 2,000 government-issued phones, tablets, and laptops have been lost or stolen, prompting huge cybersecurity concerns.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making