Conti Costa Rica Ransomware Attack Explained

Summary Of The Attack

  • Costa Rica was attacked by Conti in April 2022.
  • After the initial ransom demands were rejected, several ministries and
    agencies have since been attacked.
  • Over 600GB of data stolen in the attack has been leaked online.
  • Costa Rica has declared a state of emergency as a result of the impact of the incident.
  • The US Department of State is offering a $15 million bounty for the arrest
    of those responsible for deploying Conti.

What Happened?

On May 8th, 2022, the President of Costa Rica, Rodrigo Chaves, declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities that started in April of this year.

Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020.

It is attributed to the threat group called WizardSpider by CrowdStrike in 2019.

The group is also known for TrickBot and the Ryuk ransomware distributed through the ZLoader botnet, which we previously reported as shut down by Microsoft.

Conti Contains New And Novel Techniques

Conti ransomware contains new and novel techniques that few other ransomware variants have exhibited so far.

Conti’s design makes it one of the fastest-encrypting ransomware variants: it is able to run 32 simultaneous encryption threads, and it can be remotely controlled via command-line options.

Attackers are able to target and control which files are encrypted and in what order. This allows the malware to quickly encrypt important shared data without immediately making the local system unusable to users, which could otherwise allow an enterprise time to act.
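
A defensive illustration of the point above, added here and not part of the original article: because shared data can be encrypted while the local system stays usable, file-server audit events give an earlier signal than user reports. The event format, host names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WRITE_OPS = {"write", "rename"}  # assumed operation names in the audit feed

def flag_mass_share_writes(events, window=timedelta(seconds=10), threshold=25):
    """Return {client: time of first alert} for clients that modify at least
    `threshold` distinct share files within any sliding `window`."""
    recent = defaultdict(deque)  # client -> (timestamp, path) pairs inside the window
    alerts = {}
    for ts, client, path, op in sorted(events):
        if op not in WRITE_OPS or client in alerts:
            continue
        q = recent[client]
        q.append((ts, path))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            alerts[client] = ts
    return alerts

def sample_events():
    """Constructed audit events (not taken from any real incident)."""
    t0 = datetime(2022, 1, 1, 9, 0, 0)
    events = []
    # Ordinary user: saves 5 documents over several minutes.
    for i in range(5):
        events.append((t0 + timedelta(minutes=i), "ws-002",
                       rf"\\fs01\hr\doc{i}.docx", "write"))
    # Bursty client: 40 distinct shared files modified at 10 per second.
    for i in range(40):
        events.append((t0 + timedelta(minutes=2, milliseconds=100 * i), "ws-017",
                       rf"\\fs01\finance\ledger{i}.xlsx", "write"))
    return events

if __name__ == "__main__":
    for client, when in flag_mass_share_writes(sample_events()).items():
        print(f"ALERT {client} at {when.isoformat()}")
```

The threshold and window need tuning against normal backup and sync traffic on the file server before alerts from such a rule are actionable.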

The attack on the nation of Costa Rica began with a Conti cyber attack at the Ministry of Finance on April 18th.

The Ministry is still evaluating the scope of the incident and has yet to determine what, if any, impact there may be on taxpayers’ information or payments.
