TORONTO (Barrio) – It’s been a rough start for the newly elected Costa Rica president Rodrigo Chaves, who less than a week into office declared his country “at war” with the Conti ransomware gang.
“We’re at war,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”
Conti’s assault on the Costa Rican government began in April. The country’s Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on May 16, Chaves said the number of institutions impacted had since grown to 27. This, he admitted, means civil servants won’t be paid on time and the country’s foreign trade will be affected.
In a message posted to its dark web leaks blog, Conti urged the citizens of Costa Rica to pressure their government to pay the ransom, which the group doubled from an initial $10 million to $20 million. In a separate statement, the group warned: “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power.”
Conti is among the most prolific hacking groups. The FBI warned earlier this year that the gang was among “the three top variants” that targeted businesses in the United States, and it has been blamed for ransomware attacks targeting dozens of businesses, including Fat Face, Shutterfly and the Irish healthcare service.
Some believe that Conti’s campaign against Costa Rica is motivated by the country’s siding with Ukraine. Experts say all signs point to money.
Chaves has repeatedly blamed the attack on his predecessor, former president Carlos Alvarado, for not investing in cybersecurity. While it’s unclear exactly what measures the country had implemented to protect against cyberattacks, Jorge Mora, the country’s director of digital governance, recently said that four million hacking attempts were recently blocked thanks to “protection systems” installed across institutions.
But it’s more likely that Costa Rica was just unlucky and targeted as part of a wider operation rather than due to any perceived weakness.
In a message posted to its dark web blog over the weekend, Conti claimed it had “insiders in [the Costa Rican] government,” which could go some way to explaining why the country became a target, or why the attack had such a devastating impact. President Chaves echoed this claim earlier this week, saying “there are very clear indications that people within the country are collaborating with Conti.”
Conti’s attack against Costa Rica is ongoing. In a post on Friday, Conti said it will delete the encryption keys used to lock Costa Rica’s government systems on May 23. As of the time of writing, Costa Rica’s government has refused to give in to Conti’s ransom demands.