Costa Rica Declares National Emergency Following Conti Cyber-Attack

Costa Rica has declared a national emergency following sustained cyber-attacks on government systems by the Russia-based Conti ransomware gang.

The decree, signed by newly-elected President Rodrigo Chaves, is believed to be the first-ever response of this type by a government to a cyber-attack. Chaves described the attack, which took place on April 18, as an act of “cyber terrorism.”

The notorious Conti gang, which has links to the Russian state, claimed responsibility for the incident. It is believed to be extorting the Costa Rica government for millions after rendering IT systems across several ministries and threatening to publish stolen data online. This included severely impacting the country’s foreign trade by disrupting its customs and taxes platforms.

The Conti group has since reportedly leaked 97% of the stolen data.

It is currently unclear whether there is any political motivation behind the attacks or if it is purely financial.

Last week, the US Department of State offered a $15m reward for information leading to the identification, arrest and/or conviction of individuals involved in attacks using the Conti ransomware variant. In its statement, the government cited the attack against Costa Rica.

Commenting on the story, Benny Czarny, founder and CEO of OPSWAT, said: “Many government and private entities have warned of potential cyber disruption from Russian-affiliated groups if there is overt support shown for Ukraine. However, Conti’s ransomware attacks on Costa Rica are more likely an act of opportunity rather than retaliation given Costa Rica’s recent leadership changes – and they knew shutting off access to critical agencies would cause disruption for citizens who are dependent on those funds and in a democracy, can directly impact the candidates or parties in power.

“While Conti has claimed responsibility for the sustained cyber-attacks against Costa Rica for the last month, newly-elected President Chaves Robeles’ recent declaration for a State of Emergency goes to show the severity of attacks on their government bodies and customs and taxpayer platforms. It has been estimated that the digital outages have cost $200m, and based on the overall economic impact, declaring a State of Emergency is not unrealistic as it prioritizes governmental resources accordingly.”

In February, a vast amount of Conti’s internal chat data was leaked by a Ukrainian researcher shortly after the group released a statement supporting Russia’s invasion of Ukraine.

What’s Hot on Infosecurity Magazine?