Following cyber attacks by the Conti ransomware organization on numerous government bodies, Costa Rican President Rodrigo Chaves has declared a national emergency.
Conti also published the majority of the 672 GB dump, which appears to contain data from Costa Rican government entities, according to BleepingComputer.
Chaves signed the statement into law on May 8th, the same day that the economist and former Minister of Finance effectively became the country’s 49th and current president.
After cyberattacks, Costa Rica has declared a state of emergency.
Costa Rica’s newly elected President Chaves declared a national emergency on Sunday, May 8th, citing continued Conti ransomware attacks as the reason.
Last month, the Conti ransomware group claimed responsibility for a ransomware attack on Costa Rican government entities.
The Costa Rican Social Security Fund (CCSS), the country’s public health organization, previously said that “a perimeter security review is being carried out on the Conti Ransomware, to check and avoid possible attacks at the CCSS level.”
Conti’s data leak site, according to BleepingComputer, was updated yesterday to indicate that the group had exposed 97 percent of the 672 GB data dump reportedly containing information taken from federal agencies.
The Ministry of Finance was the first government entity to be harmed by Conti’s malware, and it has yet to thoroughly assess the scale of the security problem or the extent to which taxpayers’ information, payments, and customs systems have been disrupted.
Conti had previously requested a $10 million ransom from the Ministry, which the government had refused to pay.
According to BleepingComputer, Conti’s leak site now identifies the following government entities as being affected by the attack:
- Ministerio de Hacienda, Costa Rica’s Finance Ministry
- Ministry of Labor and Social Security (MTSS)
- Fund for Social Development and Family Allowances (FODESAF)
- Interuniversity Headquarters of Alajuela (SIUA)
The leaked data has not yet been evaluated by BleepingComputer, but a preliminary examination of a small fraction of the material reveals source code and SQL databases that appear to be from government websites.
Rather than blaming nation-state hackers, the Conti threat actor “UNC1756” and their associate have claimed sole responsibility for the cyberattack. The threat actor has vowed to carry out “more serious” strikes in the future.
According to Amelia Rueda, who first reported on the development, the President’s executive order No. 42542 declares an emergency:
“The attack on Costa Rica by cybercriminals and cyberterrorists has been declared a national emergency, and we are signing this decree, specifically, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts,” said the President, who was accompanied by Minister of the Presidency Natalia Díaz and Minister of Science, Innovation, Technology and Telecommunications (Micit).
The Treasury’s digital services have been inaccessible since April 18th, hurting the entire “productive sector” due to the disruption of government procedures, signatures, and stamps, according to Amelia Rueda.
“We signed the decree so that the country can protect itself against the criminal attacks perpetrated by cybercriminals. That is an attack on the homeland, and we signed the decree to give ourselves a greater defense,” President Chaves stated.
Conti’s attacks have also impacted the following agencies:
- The Ministry of Science, Innovation, Technology, and Telecommunications administers the Electrical Service of the province of Cartago (Jasec)
- National Weather Service Institute (IMN)
- Costa Rican radiography (Racsa)
- Social Security Fund of Costa Rica (CCSS)
Last week, BleepingComputer revealed that the US government is offering a reward of up to $15 million to anyone who can help identify and apprehend the leaders and operators of the Conti ransomware.
The US Department of State has committed to pay up to $10 million for information on the threat actors’ identities and whereabouts, with an additional $5 million reward for information leading to the arrest and/or conviction of those responsible for the assaults.
The Conti ransomware group is being investigated.
Conti is a ransomware-as-a-service (RaaS) enterprise associated with the Russian-speaking cybercrime organisation Wizard Spider (also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader).
Ireland’s Health Service Executive (HSE) and Department of Health (DoH) are among the cybercrime gang’s victims, with the former facing a $20 million ransom demand.
In May 2021, the FBI warned that Conti operatives had attempted to hack into over a dozen US healthcare and first response institutions.
Conti’s training materials, including information on one of its operators, a handbook on deploying several malicious tools, and numerous help documents purportedly offered to the group’s affiliates, were released by a disgruntled associate in August 2021.
Conti is now managing different side companies to support its ransomware activities or pay for initial network access when needed, according to analysts from multiple cybersecurity firms.
The Karakurt data extortion group, operating since at least June 2021 and recently linked to Conti as the cybercrime gang’s data extortion arm by researchers from Advanced Intelligence, Infinitum, Arctic Wolf, Northwave, and Chainalysis, is one such side operation.