Conti ransomware group threatens to oust Costa Rica’s government as crisis deepens

Last week, Costa Rica declared a state of emergency following a massive Conti ransomware attack on its government. Now, Conti has boosted its threat, saying its aim is nothing less than to overthrow the government, The Associated Press has reported. “We have our insiders in your government,” the group said. “We are also working on gaining access to your other systems, you have no other options but to pay us.”

The group, which also doubled its ransom demand to $20 million, may be trying to take advantage of the fact that Costa Rica’s President Rodrigo Chaves has only been in office for a week. “We are at war and that’s not an exaggeration,” Chaves said, adding that officials were dealing with a national terrorist group with collaborators inside the nation. He says that the scale is broader than thought, with 27 government institutions, including municipalities and state utilities, affected. 

The US State Department has declared a $10 million bounty on Conti, saying the attack “severely impacted the country’s foreign trade by disrupting its customs and taxes platforms.” It’s reported to have affected Costa Rica’s ministries of finance, labor and social security, among other bodies. 

Conti was also in the news recently after attacking Parker Hannifin, a major component supplier for Boeing and Lockheed Martin. It reportedly infiltrated current and former employees, stealing information like their social security numbers, passport numbers, bank and routing numbers and more. 

However, the threat to overthrow Costa Rica’s government is likely just a ruse to extort more money, according to a ransomware analyst cited by the AP. “I believe this is simply a for-profit cyber attack,” said Emisoft’s Brett Callow. “Nothing more.”