The ransomware group Conti has threatened to overthrow the Costa Rican government after demanding the country pay $10 million last week to unlock key government systems affected by a cyber attack.
The group has now increased the pressure on the Costa Rican government to pay a ransom by raising its demand to $20 million, according to the AP. However, it remains unclear as to why the ransomware group is targeting this country in particular.
The attack is coming from inside and outside Costa Rica, President Rodrigo Chaves said in a news conference yesterday. He underlined the country was at war and that officials were battling a national terrorist group that had collaborators inside the country too.
The president added that the cyber attack’s impact was broader than initially suggested, affecting 27 government institutions, including state-run utilities. Chaves, who has been in his role for just over a week, blamed former president Carlos Alvarado for not investing enough in cyber security and for not dealing with the attacks in the last days of his government.
Conti warned Costa Rica that it has insiders in the government, the group said in a message posted yesterday. It emphasised that the country has less than a week left to pay the ransom before it destroys the keys to unlocking the devices affected by its ransomware. The group added that it knew the government had hired a data recovery specialist and warned it not to find workarounds.
“I once again appeal to the residents of Costa Rica go out on the street and demand payment,” said the message from Conti. “Another attempt to get in touch through other services will be punished by deleting the key.”
On 14 May, the ransomware group published a post titled “For Costa Rica and US terrorists (Biden and his administration)” where it urged the country to pay before it was too late. It highlighted that the country was destroyed by two people and that Conti was determined to overthrow the government by means of a cyber attack.
The group then updated this message on the same day, changing it to a more conciliatory tone. It asked why the country wouldn’t just buy a key, and questioned whether there had been cases where a country has entered a state of emergency following a cyber attack.
“I appeal to every resident of Costa Rica, go to your government and organise rallies so that they would pay us as soon as possible,” said the message. “If your current government cannot stabilise the situation? Maybe it’s worth changing it?”
President Chaves declared a state of emergency on 8 May after Costa Rica was hit by Conti ransomware in April. The full impact of the attack was initially unknown, although it did affect the Treasury, leaving it without digital services and having to resort to manual processes to complete its work. Conti asked for a $10 million ransom and underlined that around 97% of the data it had taken had been published, with around 672GB of information taken.
-
Gender diversity improvements could be the key to tackling the UK's AI skills shortageNews Encouraging more women to pursue tech careers could plug huge gaps in the AI workforce
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
