Conti Ransomware Gang Targets Costa Rican Government

Rodrigo Chaves, the new president of Costa Rica, has declared “war” on the Conti ransomware gang, whose attack in April has caused mass disruption.

Chaves only began his four-year term ten days ago, but has declared that Costa Rica is “at war” with the Conti ransomware gang. The President has also claimed that Conti are receiving help from collaborators within Costa Rica. In a strongly-worded statement on 16th May, Chaves told local media: “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.” The president made the comments at a press conference outlining his administration’s plan for implementation of cybersecurity measures. The incident was declared a “national emergency”, and during the press conference repeatedly blamed his predecessor for not taking the Conti ransomware threat seriously enough.

The ransomware group have infiltrated 27 government agencies, including both municipalities and state-run utilities, such as the Ministry of Labor and Social Security and the Finance Ministry. One of the effects of the ransomware attack has been that the government have been unable to collect taxes through traditional means.

Conti have demanded $20m, a fairly modest amount considering they are holding critical sections of a nation state to ransom. Despite the ongoing disruption in the Costa Rican government, Chaves has given no indication he was going to pay the ransom. The “declaration of war” from Chaves is perhaps due to the fact that the Conti ransomware group are using unusual rhetoric, and have stated their intent to “overthrow the government by means of cyberattack”. In a message of the ransomware group’s website, they urge the citizens of Costa Rica to take to the streets and pressure the government into paying the ransom, which since the attack began back in April, has doubled from $10m to $20m. They are also claiming that the Chaves administration has just one week to pay the ransom, or the decryption keys will be destroyed. So far, Conti have published more than 600GB of government data online, and are threatening to post more.

Conti is a well-known ransomware gang, believed to operate from Russia, and have been involved in a number of ransomware attacks. In May 2021, Conti attacked the Irish health system, causing widespread disruption. Bizarrely, they ended up giving the Irish government the decryption key for free. Ironically, Conti themselves were recently the victims of a leak, where it was revealed that the ransomware gang operates like a regular business, even having an official HR department and an “employee of the month” award. In early May, the US government put out a reward of $10m for information about the group’s leadership, or $5m for information that would lead to the arrest of a Conti member.

This ransomware attack on the Costa Rican government is unusual. In the past, ransomware gangs have attacked individuals, government agencies and increasingly big businesses, but it’s rare to see an attack like this on a national state, a sovereign country.


President Chaves of Costa Rica