Costa Rica became the first country to declare national emergency after ransomware attack. Most of its government agencies affected

Rodrigo Chaves, president of Costa Rica, confirmed the declaration of a national emergency due to the dangerous cyberattacks deployed by the Conti ransomware operation against government agencies. Recently it was even confirmed that hackers leaked more than 670 GB of confidential information belonging to the Costa Rican government.

The state of emergency was declared this Sunday, May 8, the same day that Chaves, a graduate in economics and former Minister of Finance became the 49th president of Costa Rica.

In presenting Decree No. 42542, the newly elected president argued that the hacking group has put at risk the operations of various entities, deploying devastating cyberattacks since last month: “The attack that Costa Rica is suffering by cybercriminals is declared a national emergency for the entire public sector of the Costa Rican State, allowing our society to respond to these attacks as criminal acts.”

According to reports, the first attack confirmed by the authorities occurred in the Ministry of Finance, which suffered a massive loss of information derived from Conti’s activities, including records of payment systems and administrative databases. At the time, the hackers demanded the payment of a ransom of more than $10 million USD, which the Costa Rican government refused to pay.

Separately, ransomware group Conti recently updated its dark web leak platform, presenting a list of allegedly compromised Costa Rican government agencies, including:

  • Ministry of Finance of Costa Rica
  • Ministry of Labour and Social Security (MTSS)
  • Social Development and Family Allowances Fund (FODESAF)
  • Interuniversity Headquarters of Alajuela (SIUA)

Cybersecurity specialists mention that Conti controls various ransomware operations, in addition to financing these attacks with other hacking variants. One of these alleged secondary operations was identified as Krakurt, dedicated to extortion and linked to Conti after various reports by firms such as Chainalysis.

Conti has become one of the main targets of the US authorities, who for a few months pushed for drastic measures against ransomware groups. The U.S. government is reportedly offering a reward of up to $15 million to anyone who provides information leading to the identification and arrest of the leaders of this operation.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.