The Costa Rican government is under such an immense ransomware attack that it has reportedly been forced to declare a state of national emergency.
BleepingComputer claims that the country’s president, Rodrigo Chaves, signed the declaration into law on April 8, the same day he took office.
“The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts,” the President was cited as saying.
Demanding $10 million in payment
“We signed the decree so that the country can defend itself from the criminal attack that cybercriminals are making us. That is an attack on the Homeland and we signed the decree to have a better way of defending ourselves,” added President Chaves.
So far, it would seem that the actor behind the attack is not a nation-state or state-sponsored group, but rather a financially motivated group known as UNC1756. The group deployed the Conti ransomware against a number of government endpoints, causing major disruptions in both the public and private sectors, as government procedures, signatures, and stamps have all been disrupted.
Among the affected organizations are the Costa Rican Finance Ministry, the Ministry of Labor and Social Security, the Social Development and Family Allowances Fund, and the Interuniversity Headquarters of Alajuela.
Other agencies, seemingly affected by the disruption, include the Administrative Board of the Electrical Service of the province of Cartago, the Ministry of Science, Innovation, Technology, and Telecommunications, the National Meteorological Institute, Radiographic Costarricense, and the Costa Rican Social Security Fund.
The attack seems to have kicked off in mid-April, with the threat actors allegedly demanding $10 million from the Ministry of Finance. The organization declined to pay the ransom, prompting a major data dump by the threat actor.
So far, UNC1756 has leaked 97% of its stolen data dump, which totals 672 GB of sensitive information. To make matters worse, the group has also threatened future attacks of “a more serious form”.
Currently, there’s a bounty on Conti’s leadership and operators. The US government is willing to give $15 million to whoever comes forward with information that might lead to the identification and location, and consequently the arrest, of these individuals.