May 17 — In April, the Conti ransomware group claimed responsibility for a series of attacks against Costa Rica’s government. As of May 7th, the group had allegedly leaked 97% of the data that it had stolen from government agencies.
Previously, Conti had demanded $10 million in ransom from the Ministry of Finance for the safe return of the sensitive files. The government declined to pay, after which hackers attempted to turn up the heat by asking for $20 million.
Recent developments in Costa Rica
In a press conference on Monday, Costa Rica’s President Rodrigo Chaves suggested that the attack was coming from both inside as well as outside of Costa Rica. “We are at war and that’s not an exaggeration,” stated Chaves.
The extent of the attacks appears more significant than investigators initially presumed, as 27 government institutions are now reportedly affected. The ransomware group has since suggested that it may attempt to overthrow Costa Rica’s government.
This past weekend, Conti added a message to its own website that taunted Costa Rica and encouraged protests.
“I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible if your current government cannot stabilize the situation? maybe it’s worth changing it?” said the message.
Threatening to overthrow gov’t
Analysts believe that Conti’s threat to overthrow Costa Rica’s government is likely part of a scheme designed to help attackers extort additional funds. In the eyes of experts, Conti’s interest in Costa Rica is driven by profit motives.
Conti’s ransomware activities
The Conti ransomware group appears connected to the Russian-speaking Wizard Spider cyber crime group, which is known for its Ryuk, TrickBot and BazarLoader deployments.
Analysts state that Conti now manages a series of side businesses intended to sustain its ransomware operations. One such operation is the newly discovered Karakurt data extortion group, which now functions as the Conti operation’s special extortion arm.
According to the FBI, as of January of 2022, more than organizations had been affected by Conti ransomware. Victim payouts collectively exceeded $150,000,000, which helped to establish Conti’s ransomware as the most costly ransomware ever documented.
Conti attacks Parker Hannifin
The Conti ransomware group recently made headlines again for attacking Parker Hannifin, a major supplier of industrial and mechanical equipment for companies like Boeing and Lockheed Martin. The attackers are believed to have stolen private data from employees, including passport numbers, bank and routing numbers and social security numbers.