In the wake of a massive ransomware attack against the Costa Rican government in April, the US government issued a notice last week declaring a bounty potentially worth millions of dollars for people involved with the Conti ransomware used in the hack. Rodrigo Chaves Robles, recently sworn in as President of Costa Rica, declared a national emergency due to the attack, according to CyberScoop.
According to BleepingComputer, the ransomware attack affected the Ministries of Finance and Labor and Social Security of Costa Rica, as well as the country’s Social Development and Family Allowances Fund, among other entities. The report also says that the attack affected some public treasury services starting on April 18. Hackers have not only brought down some of the government’s systems, but are also leaking data, according to CyberScoop, which notes that almost 700 GB of data has reached the Conti site.
The US State Department says the attack “severely affected the country’s foreign trade by disrupting its customs and tax platforms” and is offering “up to $10 million for information leading to the identification and/or location” of the organizers behind Conti. The US government is also offering $5 million for information “leading to the arrest and/or conviction of any individual in any country who conspires to participate or attempts to participate” in a Conti-based ransomware attack.
Last year, the US offered similar rewards for REvil and DarkSide (the group behind the attack on the Colonial Pipeline). REvil is widely believed to be extinct after the US allegedly hacked the group’s servers and the Russian government claimed to have arrested several members.
The Costa Rican government is not the only entity to fall victim to Conti ransomware. As KrebsOnSecurity notes, the group is particularly infamous for targeting healthcare facilities like hospitals and research centers.
The gang is also known for having its chat logs leaked after it declared that it fully supported the Russian government shortly after the invasion of Ukraine began. According to CNBC, those logs showed that the group behind the ransomware itself was having organizational problems: people weren’t getting paid, and arrests were taking place. However, as with many ransomware operations, the actual software was also used by “affiliates” or other entities who used it to carry out their own attacks.
In the case of Costa Rica, the attacker claims to be one of these affiliates and says that they are not part of a larger team or government, according to a message published by CyberScoop. However, they have threatened to carry out “more serious” attacks, calling Costa Rica a “demo version”.