Johannesburg - Costa Rican President Rodrigo Chaves has declared a national emergency, following cyber attacks on multiple government departments.
This comes on May 8, the same day the FBI put forward a $10 million bounty on the attackers and the first day Chaves effectively stepped into the role as the country’s 49th president.
As cyber attacks on Costa Rica continued from April into May, attackers took down government systems and leaked almost 700GB of data.
The site hosting the leaked data lists multiple departments purportedly affected by the attacks: The Finance Ministry, The Ministry of Labour and Social Security, the Social Development and Family Allowances Fund, and finally The Interuniversity Headquarters of Alajuela.
However, other government agencies have also been impacted, including the Costa Rican Social Security Fund, and the National Meteorological Institute.
The first attacks were aimed at the Finance Ministry, and the Costa Rican Treasury’s digital services have been unavailable since April 18.
The ministry has not yet revealed the full scope of the attacks, nor to what extent taxpayers’ information and payments have been affected.
The attacks were carried out using a ransomware known as Conti. Conti is also the name often used to refer to the group which uses the program to carry out attacks or provide the ransomware to other affiliates as a service.
It is one of these affiliates that has taken responsibility for the attacks on the Costa Rica government, claiming that they are not part of a larger group or national organisation.
Conti-based attacks have typically targeted health care services and facilities. Previous victims include Ireland’s Department of Health, which was asked to pay a $20 million ransom.
In May 2021, the FBI reported over a dozen attempted Conti-based attacks on US health care and first-responder organisations.
The US State Department released a statement saying the attack “severely impacted the country’s foreign trade by disrupting its customs and taxes platforms”.
It has offered up to $10 million for information leading to the organisers behind the Conti platform or up to $5 million for information leading to any person conspiring to commit a Conti-based ransomware attack.
The attacker, who identifies themselves as “unc1756”, claims that the purpose of the attack was to earn money. They claim to be planning to carry out more serious attacks, with larger teams, in the future, also writing that “Costa Rica is a demo version”.