Following a massive ransomware attack on the Costa Rican government in April, the US government issued a notice last week announcing a reward, potentially worth millions of dollars, for information on people involved with the Conti ransomware used in the attack. Rodrigo Chaves Robles, recently sworn in as President of Costa Rica, has declared a national state of emergency due to the attack, according to CyberScoop.
According to BleepingComputer, the ransomware attack affected Costa Rica’s Ministries of Finance and Labor and Social Security, as well as the country’s Social Development and Family Assistance Fund, among other entities. The report also said the attack affected some services from the country’s treasury, starting on April 18th. Not only have the hackers downloaded some of the government’s systems, but data is also leaking, according to CyberScoop, which notes that almost 700 GB of data has made its way to the Conti site.
The US State Department says the attack “seriously affected the country’s foreign trade by disrupting its customs and tax platforms” and offered “up to $10 million for information leading to the identification and/or location” of organizers behind Conti. The US government is also offering $5 million for information “leading to the arrest and/or conviction of any person in any country conspiring to participate or attempting to participate” in a Conti-based ransomware attack.
Last year, the United States offered similar rewards for information on REvil and DarkSide (the group behind the Colonial Pipeline attack). It is widely believed that REvil no longer exists after the United States reportedly hacked the group’s servers, and the Russian government claims to have arrested several members.
The Costa Rican government is not the only organization to fall victim to Conti’s ransomware. As Krebs on Security notes, the group is particularly known for targeting healthcare facilities such as hospitals and research centers.
The gang is also known for the leak of its chat logs after it announced its full support for the Russian government shortly after the invasion of Ukraine. According to CNBC, these logs showed that the group behind the ransomware itself has organizational problems, with people not getting paid and arrests occurring. However, as with many ransomware operations, the actual software was also used by “affiliates,” or other entities that used it to carry out their own attacks.
In the Costa Rican case, the attacker claims to be one of those affiliates and says they are not part of a larger team or government, according to a statement published by CyberScoop. However, they threatened to carry out “more serious” attacks, calling Costa Rica a “demo version”.