Security News > 2022 > May > Conti Ransomware Attack Spurs State of Emergency in Costa Rica
Costa Rican President Rodrigo Chaves declared a state of national cybersecurity emergency over the weekend following a financially motivated Conti ransomware attack against his administration that has hamstrung the government and economy of the Latin American nation.
The attack-attributed to the prolific Conti ransomware group-occurred three weeks ago not long after Chaves took office; in fact, the state of emergency was one of his first decrees as president.
Costa Rica so far has declined to pay, which resulted in Conti updating its data-leak site on Monday with 97 percent of the 672 GB of data that the group claims contains information stolen from Costa Rican government agencies, BleepingComputer reported.
The attack on Costa Rica could be a sign of more Conti activity to come, as the group posted a message on their news site to the Costa Rican government that the attack is merely a "Demo version." The group also said the attack was solely motivated by financial gain as well as expressed general political disgust, another signal of more government-directed attacks.
Conti likely has every employee's personal login credentials to any Costa Rican government site that they visited during the time the ransomware was active on the system before it locked files, which poses a big problem for citizens using government services online if Conti indeed has leaked the info, he said.
To date, Conti has been responsible for hundreds of ransomware incidents over the past two years, with more than 1,000 victims paying more than $150 million to the group, according to the FBI. This gives Conti the dubious honor of being the costliest ransomware strain ever documented, according to the feds.
News URL
https://threatpost.com/conti-ransomware-attack-emergency-costa-rica/179560/
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)