The Costa Rican government has declared a state of emergency as ransomware attacks on the public sector enter their third week. Russia’s affiliate cybercrime gang, Conti, has publicly claimed responsibility for the campaign, prompting the US State Department to offer up to $ 15 million for information to remove the group.

The devastation caused in Costa Rica shows the need to equalize cybersecurity capabilities, as the global nature of the economy means that these types of devastating attacks are leaving other countries exposed, experts said. Technical monitor. Analysts also believe that Conti may be so aggressive in Costa Rica because it is in the process of rebranding under the new name BlackBasta.

The Costa Rican government has declared a state of emergency as ransomware attacks on the public sector enter their third week. (Photo by Efenzi in Getty Images)

Costa Rica’s new president, Rodrigo Chavez, signed a declaration of state of emergency on Sunday, his first official day in office. Allows directing additional resources to the attacked departments.

Chaos has been raging in Costa Rica’s public sector for the past three weeks as ransomware attacks have disrupted several departments. The government has so far refused to pay the ransom, prompting many of the agencies affected to express concerns about rising costs. Deliveries to and from Costa Rica are also affected, with customs officials reportedly having to manually process shipments due to the attacks.

As Costa Rica refused to pay, the US government took action against Conti, offering $ 10 million to identify or locate the group’s leaders and $ 5 million for information leading to the arrest of anyone who conspired with Conti. “I think it’s probably better for Costa Rica to send a message that it won’t bow to this kind of blackmail,” said Luis Ferret, a researcher on Searchlight Security threats. “This makes them look favorable in the eyes of the US government and will help secure this call for information published by the State Department.”

Costa ransomware attack: geopolitical implications

The ransomware attack in Costa Rica demonstrates the need to increase cybersecurity competencies in governments around the world, said Emily Taylor, chief executive of Oxford Information Labs and a contributor to the International Security Program. “These crimes are cross-border in nature, and in the global southern countries the issue of cybersecurity capacity is even greater than elsewhere,” she said. “So this is not just a problem in Costa Rica.”

Content from our partners
How businesses can best prepare for the digitization of finance

How AI can enable Middle East energy operators to deliver Oil & Gas 4.0

How should businesses get out of their data center?

There are multilateral initiatives that have been organized to try to build cyber capabilities around the world, such as the UN Open-ended Working Group on Security. Taylor says this demonstrates governments’ interest in building cybersecurity capacity. She added: “Sometimes there is skepticism about how effective this is, but there is definitely an appetite for it.”

Central and South American countries have become a major target for hackers in recent years due to low levels of protection. A report by security company AdvIntel says that one in three ransomware attacks worldwide in 2020 is aimed at a Latin American country. Last month, local authorriots in Ecuador were targeted by the BlackCat ransom gang, while another group, Lapsu $, made its nameis hacking public sector organizations in Brazil, including its Ministry of Health

“South America has been through a terrible time in terms of cyber attacks over the last few years,” Ferret said. “It all happens at once, and these countries seem to be seen as low-hanging fruits, an easier option.”

She added: “I think there is an urgent need internationally for each country to move to such a standard where possible, because there is so much interconnectedness with the global economy today that there is a risk for everyone. If a country is so badly affected in this way, it can have a wider effect. “

Does Conti burn its brand as it transitions to another identity?

Conti’s actions to take over the entire government have attracted a lot of attention from the group, and Ferret believes he can be happy to take bold action because he is in the process of rebranding under another name, BlackBasta. “Conti is likely to have many other ‘side crimes’ on the cybercrime scene, including Karakurt’s data extortion group and the new BlackBasta gang,” she said. “The group may be less concerned about” burning “Conti’s identity if it already has these alternative revenue streams.” Obviously, the reward will still be a risk, she added.

BlackBasta has listed about a dozen victims in its blog in recent weeks, including German wind turbine giant Deutsche Windtechnik and the American Dental Association. Hackers have since released more than 100 GB of data allegedly stolen by Deutsche Windtechnik.

Read more: Costa Rica ransom software attack could portend new wave of Russian cybercrime

Costa Rica declares state of emergency as Conti ransomware attack continues

Previous articleProblems reading recipe labels? There is an application for this
Next articleThese bats buzz like wasps and bees. The sound can deter hungry owls