In the wake of a massive ransomware attack on the Costa Rican government in April, the United States government recently issued a notice offering a bounty worth millions of dollars for information on individuals involved with the Conti ransomware used in the hack. Rodrigo Chaves Robles, Costa Rica’s recently sworn-in president, declared a national emergency due to the attack, according to CyberScoop.
According to BleepingComputer, the ransomware attack impacted Costa Rica’s ministries of Finance and of Labor and Social Security, along with the nation’s Social Development and Family Allowances Fund, among other entities. The report also states that the attack affected some services from the nation’s treasury beginning on April 18th. The hackers not only took down some of the government’s systems, they are also leaking data, according to CyberScoop, which noted that 700GB of information has found its way onto Conti’s website.
The US State Department says the attack “severely impacted the country’s foreign trade by disrupting its customs and taxes platforms” and offered “up to $10-million for information leading to the identification and/or location” of the organizers behind Conti. The US government is likewise offering $5-million for information “leading to the arrest and/or conviction of any individual in any country conspiring to participate in or attempting to participate” in a Conti-based ransomware attack.
In 2021, the US offered similar bounties on REvil and DarkSide (the group behind the Colonial Pipeline attack). REvil is believed to be defunct after the United States hacked the group’s servers and the Russian government claimed to have arrested numerous members.
The Costa Rican government isn’t the only entity to fall victim to Conti’s ransomware. As Krebs On Security notes, the group is particularly notorious for targeting health care facilities such as hospitals and research centers.
The gang is also known for having its chat logs leaked after it stated that it fully supported Russia’s government shortly after the invasion of Ukraine began. According to CNBC, those logs showed that the group behind the ransomware itself was having organizational problems: individuals weren’t making money, and there were arrests happening. As with many ransomware operations, the software itself was also used by “affiliates,” other entities that used it to carry out their own attacks.
In Costa Rica’s case, the attacker claims to be one of these affiliates and says that they aren’t part of a larger group or government, according to a message posted by CyberScoop. They have, however, threatened to carry out “more serious” attacks, calling Costa Rica a “demo version.”