SAN JOSE, Costa Rica (AP) — A ransomware gang that has infiltrated some Costa Rican government computer systems has heightened its threat, saying its goal is now to overthrow the government.
Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay a ransom by raising their demand to $20 million.
Chaves suggested at a press conference on Monday that the attack came from inside and outside Costa Rica.
“We are at war and that is no exaggeration,” Chaves said. He said officials were fighting a domestic terrorist group that had collaborators inside Costa Rica.
Chaves also said the impact was wider than expected, with 27 government institutions, including municipalities and utilities, affected. He blamed his predecessor Carlos Alvarado for not investing in cybersecurity and for not dealing more aggressively with attacks in his government’s final days.
In a message on Monday, Conti warned that it was working with people in government.
“We have our insiders in your government,” the group said. “We are also working on access to your other systems, you have no choice but to pay us. We know that you have hired a data recovery specialist, do not try to find solutions for bypass.”
Despite Conti’s threat, experts see regime change as highly unlikely, and not the gang’s real goal.
“We’ve never seen anything like it before and this is quite a unique situation,” said Brett Callow, ransomware analyst at Emsisoft. “The threat of overthrowing the government is just that they make noise and aren’t taken too seriously, I wouldn’t say.
“However, the threat that they could cause more disruption than they already have is potentially real and there is no way of knowing how many other departments they may have compromised but not yet costed.”
Conti attacked Costa Rica in April, gaining access to several critical finance ministry systems, including customs and tax collection. Other government systems have also been affected and a month later not all are fully functioning.
Chaves declared a state of emergency following the attack as soon as he was sworn in last week. The US State Department has offered a $10 million reward for any information leading to the identification or location of Conti’s leaders.
Conti responded by writing, “We are determined to overthrow the government by means of a cyberattack, we have already shown you full force and power, you have introduced an emergency.”
The gang also said it was increasing the ransom demand to $20 million. It called on Costa Ricans to pressure their government to pay.
The attack encrypted government data, and the gang said on Saturday that if the ransom was not paid within a week, it would delete the decryption keys.
The US State Department statement last week said the Conti Group had been responsible for hundreds of ransomware incidents over the past two years.
“The FBI estimates that as of January 2022, there have been over 1,000 victims of attacks associated with the Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest ransomware strain ever documented,” the statement read.
Although the attack adds unwanted stress to Chaves’ early days in power, it’s unlikely there was anything other than monetary motivation for the gang.
“I think this is just a for-profit cyberattack,” said Callow, the analyst. “Nothing more.”
__
Associated Press writer Christopher Sherman in Mexico City contributed to this report.