In the wake of ransomware attacks against government agencies in Costa Rica, the U.S. is offering a $15 million reward to apprehend the hackers.
Widespread impact on government agencies
For more than a month, the Central American country has been racked by ransomware attacks that have impacted government agencies including the Ministry of Finance and Ministry of Labor.
In response, one of the first acts by Costa Rica’s newly elected president, Rodrigo Chaves Robles, who took office May 8, was to declare a national emergency, as the attack brought down computer systems affecting government operations ranging from paying pensions to collecting taxes, according to the AP.
“The Ministry of Finance has been the most damaged institution, as it suffered loss of control over several of its systems and databases, as well as information theft from the ATV (Virtual Tax Administration) and Customs TICA System platforms,” according to ameliarueda.com, a news site run by the Costa Rican journalist Amelia Rueda Ahumada.
“Everything has caused a collapse in some business areas, such as export and import sectors,” the news site said.
A $10 million ransom was demanded by the Russian-language Conti ransomware group. To date, the Costa Rican government has refused to pay the ransom.
As of May 9, Conti's data leak site showed that the group had exposed 97% of the 672 GB data dump allegedly containing information stolen from government agencies, according to Bleeping Computer.
The Conti gang variant claiming responsibility for the attack identified itself as “UNC1756,” Bleeping Computer said, and has threatened to conduct future attacks of “a more serious form,” according to the report.
U.S.: offense as defense
The U.S. is not standing idly by. The State Department, in response to the Costa Rica attack, announced that it is offering a reward of up to $10 million for information leading to the identification and/or location of “any individuals who hold a key leadership position in the Conti ransomware… organized crime group.” It is also offering an additional reward of up to $5 million for information leading to the arrest and/or conviction of individuals who participate in a “Conti variant ransomware incident.”
The State Department made this statement about the Conti group:
“The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years. The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented.”
Conti is a Ransomware-as-a-Service (RaaS) operation known for malware including Ryuk and TrickBot.
The FBI warned about attacks in May 2021 when Conti operators tried to breach over a dozen US healthcare organizations.
U.S. on tenterhooks
In March, President Biden warned about signs of possible Russian cyberattacks in retaliation for sanctions imposed after Russia invaded Ukraine, citing “evolving intelligence that the Russian government is exploring options for potential cyberattack” and urging the U.S. private sector to “harden your cyber defense immediately.”
CISA (Cybersecurity and Infrastructure Security Agency) has given similar warnings. CISA’s most widely publicized warning, “Shields Up,” was issued in February.
The ransomware attack on Colonial Pipeline, which snarled the supply of fuel on the East Coast in May of last year, is still fresh in the mind of the Biden administration.