The Costa Rican government is under a ransomware attack so severe that it has reportedly been forced to declare a national state of emergency.
BleepingComputer reports that the country's president, Rodrigo Chaves, signed the declaration, promulgated on April 8, the same day he took office.
“The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican state and allow our society to respond to these attacks as criminal acts,” the president said.
Demanding $10 million in payment
“We signed the decree so that the country can defend itself against the criminal attack that cyber criminals are making on us. This is an attack on the homeland and we signed the decree to have a better way to defend ourselves,” added President Chaves.
So far, it appears not to be a nation-state or state-sponsored actor behind the attack, but rather a financially motivated group known as UNC1756. The group deployed the Conti ransomware against a number of government terminals, causing major disruptions in both the public and private sectors, as government procedures, signatures and stamps were all disrupted.
Among the organizations involved are the Ministry of Finance of Costa Rica, the Ministry of Labor and Social Security, the Social Development and Family Allowance Fund and the Interuniversity Headquarters of Alajuela.
Other bodies apparently affected by the disruption include the Cartago Province Electric Service Board, the Ministry of Science, Innovation, Technology and Telecommunications, the National Institute of Meteorology, Radiográfica Costarricense and the Costa Rican Social Security Fund.
The attack appears to have started in mid-April, with threat actors reportedly demanding $10 million from the Department of Finance. The organization refused to pay the ransom, triggering a large data dump by the threat actor.
So far, UNC1756 has leaked 97% of the stolen data, a 672 GB dump of sensitive information. To make matters worse, the group also threatened future attacks of a "more serious form".
Currently, there is a bounty on Conti's leadership and operators. The US government is prepared to give $15 million to anyone who provides information that could lead to the identification, location and, therefore, arrest of these individuals.