May 09 – In Costa Rica, President Rodrigo Chaves has declared a national emergency in the wake of cyber attacks conducted by the Conti ransomware group. The attackers managed to disrupt several government bodies, hampering everyday operations. Continuing operational and technical challenges were cited as the reason for the declaration.
Further, the government intends to leverage the declaration to assist with response efforts. “…We are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts,” stated the President and other officials, in a joint statement.
Recent Conti Ransomware attacks
Last month, the Conti group claimed a series of attacks against the Costa Rican government. At that point in time, entities noted that perimeter security reviews were underway.
As of May 7th, the Conti group had allegedly leaked 97% of the data containing information belonging to government agencies.
Conti had previously demanded a $10 million ransom from the Ministry of Finance, which the government had declined to pay.
Conti’s newly emerging cyber threats
The Conti ransomware group has not only claimed responsibility for the attack, but also also threatened to conduct future attacks of “a more serious form.”
The Conti group is linked to the Russian-speaking Wizard Spider cyber crime group, which is known for its Ryuk, TrickBot and BazarLoader deployments.
Analysts state that Conti now manages a series of side businesses intended to sustain its ransomware operations. One such operation is the newly discovered Karakurt data extortion group, which now functions as the Conti operation’s special extortion arm.
The US government is offering up to $15 million in rewards to anyone able to provide information that can lead to the identification and arrests of Conti ransomware’s leadership and employees.
For more information about the Conti ransomware group, see CyberTalk.org’s past coverage. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.