Author: Josh Allen / Last Updated: 7/10/2022
Reviewed By: Dalibor Gašić, & Michael Swanagan, CISSP, CISA, CISM
On May 8th, 2022 the President of Costa Rica Rodrigo Chaves declared a national emergency due to an ongoing Conti ransomware campaign against several Costa Rican government entities starting in April of this year.
Conti is a prolific ransomware-as-a-service operation that has been infecting and damaging systems since it was first observed in 2020.
CrowdStrike attributed the operation to the threat group WizardSpider in 2019.
The group is also known for TrickBot and for the Ryuk ransomware distributed through the ZLoader botnet, which we previously reported as having been shut down by Microsoft.
Conti ransomware contains new and novel techniques that few other ransomware variants have exhibited so far.
Conti’s design makes it one of the fastest-encrypting ransomware families: it can run 32 simultaneous encryption threads, and it can be remotely controlled via command-line options.
Attackers are able to choose which files are encrypted and in what order, so the malware can quickly encrypt important shared data without immediately making the local system unusable, since a visibly broken workstation could alert the enterprise in time to act.
The attack on the nation of Costa Rica began with a Conti cyber attack at the Ministry of Finance on April 18th.
The Ministry is still evaluating the scope of the incident and has yet to determine what, if any, impact there may be on taxpayers’ information or payments.
The ransom demanded was $10 million; otherwise, the group would continue to attack the nation’s Ministries.
Costa Rica’s government declined to pay the initial ransom.
Making good on its threat, WizardSpider continued its campaign and has so far infected:
All of these agencies have had their operations impacted in some way.
BleepingComputer reports that as of May 9th, Conti has leaked over 97% of a 672GB data dump which allegedly contains information stolen from the government agencies.
Conti has the capability to make and exfiltrate copies of any data that is encrypted, which can turn a ransom campaign into an extortion attempt even after the encrypted files are restored.
How PurpleSec Helps To Secure Your Organization
Our vulnerability management services and penetration testing services provide a holistic approach to securing what’s most important to you.
To protect yourself from ransomware PurpleSec recommends:
Conti is just one example of ransomware. There are many other well-known variants and new ones are being created all the time.
It is important to take ransomware seriously at your business.
The full extent of the continuing attack, the leak, and its impact on the citizens of Costa Rica has yet to be determined.
The declaration of national emergency has given the government of Costa Rica some national powers to help defend itself from the attack and recover from any damages.
In a separate but related announcement last week, the U.S. Department of State offered $10 million for information that identifies and locates anyone associated with Conti, with an additional $5 million bounty for information leading to the arrest of those directly responsible for creating and delivering Conti attacks.
Josh Allen is a diversely skilled cyber security professional with 12 years of Department of Defense experience, specializing in internal network security.