Ransomware gang Conti has raised the stakes as its attack on Costa Rica continues, threatening to topple the country’s government if its demands are not met. Conti also doubled the ransom needed to release data on Costa Rica to $ 20 million. Costa Rican President Rodrigo Chavez announced overnight that the attacks had intensified and that he had formed a “SWAT” team to try to end the problems.

Costa Rican President Rodrigo Chavez. (Photo: LUIS ACOSTA / AFP via Getty Images)

Chavez told a news conference that Costa Rica is “At war and this is not an exaggeration“As Conti’s attacks enter the fourth week. He explained that there are currently 27 affected state institutions, nine of which are significantly infected. These include the Ministerio de Hacienda (Ministry of Finance), which is believed to have been the original point of attack.

The president revealed the scale of the attacks and the impact they had on Costa Rica’s public sector. “We have failed to collect taxes for the traditional tax system,” he said, while international trade is still severely affected as the nation’s customs system remains compromised. The payment of salaries to public sector employees is also affected.

Calling Conti an “international terrorist group,” Chavez also said that “there are very clear indications that the people of the country are collaborating with Conti.” His administration has formed a “SWAT team” bringing together technical experts from Costa Rica’s Ministry of Innovation, Science, Technology and Telecommunications, the Ministry of Finance, the National Emergency Commission and the Costa Rican Institute of Electricity to try to bring the attack under control.

Does Conti have any help from Costa Rica?

Conti released several messages to his blog on the dark web over the weekend, announcing that he had doubled the ransom to $ 20 million, that he was “determined to overthrow the government through a cyber attack.” He says he will delete the data decryption keys he stole if Chaves continues to work with data recovery specialists.

One of the posts from the dark web blog of the RaaS band Conti. (Photo: Searchlight Security)

One of the reports also states that the gang has “insiders.” [the Costa Rican] government ”, in particular a threat named UNC1756. The UNC numbers refer to a cybercrime categorization system used by leading cybersecurity firm Manidant. However, it is doubtful that this statement is true, says Louise Ferret, a threat analyst at Searchlight Security. “I would be skeptical of that statement,” she said. “Although their name mimics the Mandiant classification, there is no evidence of a previous threat identified under the heading UNC1756.”

The actor mentioned in the message has been active for only a month, she explains, and that is why it is unlikely that they managed to gain so much influence so quickly. Redemption gangs often make grandiose allegations to pressure their victims to pay and should not be taken too seriously, she continued. “The Costa Rican government must continue with its recovery plan, as outlined by experts, while remaining vigilant for any signs of truth in the threat statement about malicious insiders,” Ferret added.

Content from our partners
Take advantage of the cloud and expertise to optimize deployment-to-completion commitments

How businesses can best prepare for the digitization of finance

How AI can enable Middle East energy operators to deliver Oil & Gas 4.0

“We will overthrow the government” – Does Conti have help inside Costa Rica?

Previous articleOnly DevSecOps can save the metaverse
Next articleHow Mammals Conquered the World after the Asteroid Apocalypse