Security News > 2022 > July > How Conti ransomware hacked and encrypted the Costa Rican government

How Conti ransomware hacked and encrypted the Costa Rican government
2022-07-21 14:20

Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices.

The Conti ransomware operation launched in 2020 to replace Ryuk and quickly grew to infamy after attacking victims in both the private and the public sector, including local governments in the U.S., schools, and national healthcare systems.

On April 11, 2022, Conti began their last incursion under this brand after gaining initial access to the Costa Rica government's network and engaging in reconnaissance activity.

The researchers say that Conti operators leveraged Mimikatz to run a DCSync and Zerologon attack that gave them access to every host on Costa Rica's interconnected networks.

According to a note on the Conti leak site, the ransom demand was initially $10 million and then increased to $20 million when Costa Rica refused to pay.

AdvIntel notes that Conti's attack on the Costa Rican government "Was relatively unsophisticated" and that a 'flat' network designed combined with misconfigured administrative shares helped the attacker move to domain trusts.


News URL

https://www.bleepingcomputer.com/news/security/how-conti-ransomware-hacked-and-encrypted-the-costa-rican-government/