A ransomware gang is threatening to overthrow the Costa Rican government

SAN JOSE, Costa Rica (AP) – A ransomware gang that has infiltrated some Costa Rican government computer systems has stepped up its threat, saying its goal now is to overthrow the government.

Perhaps taking advantage of the fact that President Rodrigo Chavez has been in office for only a week, the Russian-speaking gang Conti has tried to increase the pressure to pay a ransom by raising its demand to $20 million.

Chavez suggested at a news conference on Monday that the attack was coming from inside as well as outside Costa Rica.

“We are at war and this is no exaggeration,” Chavez said. He said officers are fighting a national terrorist group that has collaborators in Costa Rica.

Chavez also said the impact was wider than previously known, affecting 27 government institutions, including municipalities and public utilities. He accused his predecessor, Carlos Alvarado, of not investing in cybersecurity and of failing to deal more aggressively with the attacks in the waning days of his government.

In a statement Monday, Conti warned that it was working with people inside the government.

“We have insiders in your government,” the group said. “We are also working on gaining access to your other systems, you have no choice but to pay us. We know you’ve hired a data recovery specialist, don’t try to find workarounds.”

Despite Conti’s threat, experts see regime change as very unlikely, and doubt it is even the real goal.

“We haven’t seen anything even close to this before, and it’s a very unique situation,” said Brett Callow, a ransomware analyst at Emsisoft. “The threat of overthrowing the government is simply that they make noise and do not take it too seriously, I would not say.

“However, the threat that they could cause more disruption than they already have is potentially real and that there is no way to know how many other government departments may have been compromised but have not yet been encrypted.”

Conti attacked Costa Rica in April, gaining access to a number of critical systems in the Treasury, including customs and tax collection. Other state systems were also affected, and a month later not all were fully operational.

Chavez declared a state of emergency over the attack as soon as he was sworn in last week. The US State Department has offered a $10 million reward for information leading to the identification or whereabouts of Conti’s leaders.

Conti replied, writing: “We are determined to overthrow the government by cyber attack, we have already shown you all the strength and power, you have declared a state of emergency.”

The gang also said it was raising the ransom demand to $20 million. It called on Costa Ricans to pressure their government to pay.

The attack encrypted government data, and the gang said on Saturday that if the ransom was not paid within a week, it would delete the decryption keys.

A statement from the US State Department last week said the Conti group had been responsible for hundreds of ransomware incidents over the past two years.

“The FBI estimates that by January 2022, there were more than 1,000 victims of Conti ransomware attacks, with payouts of more than $150,000,000, making the Conti Ransomware variant the most expensive ransomware strain ever documented,” the statement said.

Although the attack added unwanted stress to the early days of Chavez’s tenure, the gang is unlikely to have had any motivation other than money.

“I believe it’s just a cyber attack for profit,” said Callow, an analyst. “Nothing more.”

__

Associated Press writer Christopher Sherman of Mexico City contributed to the report.