Thursday, July 7, 2022

US State Department announces $10 million bounty after ransomware attack in Costa Rica


Shreya Christina

In the wake of a massive ransomware attack on the Costa Rican government in April, the US government last week announced a potentially multimillion-dollar bounty on people involved with the Conti ransomware used in the hack. Rodrigo Chaves Robles, Costa Rica's recently sworn-in president, declared a national emergency as a result of the attack, according to CyberScoop.

According to BleepingComputer, the ransomware attack affected the ministries of Finance and Labor and Social Security of Costa Rica, as well as the Social Development and Family Benefits Fund. The report also says the attack hit some departments of the country’s treasury from April 18. Not only have the hackers taken down some of the government’s systems, but they are also leaking data, with CyberScoop noting that nearly 700GB of data has landed on Conti’s site.

The US State Department says the attack “seriously affected the country’s foreign trade by disrupting customs and tax platforms” and is offering “up to $10 million for information leading to the identification and/or location” of the organizers behind Conti. The US government is also offering $5 million for information “leading to the arrest and/or conviction of a person in a country who conspires to participate in or attempts to participate” in a Conti-based ransomware attack.

Last year, the US offered similar bounties on REvil and DarkSide (the group behind the Colonial Pipeline attack). REvil is largely considered shut down after the US reportedly hacked into the group’s servers and the Russian government claimed to have arrested several members.

The Costa Rican government is not the only entity to fall victim to Conti’s ransomware. As Krebs on Security notes, the group is particularly notorious for targeting healthcare facilities such as hospitals and research centers.

The gang is also known for having its chat logs leaked after declaring full support for the Russian government shortly after the invasion of Ukraine began. According to CNBC, those logs showed that the group behind the ransomware itself had organizational problems: people were not paid and arrests were made. However, like many ransomware operators, the actual software was also used by “affiliates” or other entities who used it to carry out their own attacks.

In the case of Costa Rica, the attacker claims to be one of these affiliates and says they are not part of a bigger team or government, according to a report by CyberScoop. However, they have threatened “serious” attacks, calling Costa Rica a “demo version”.
