Conti Attacks Costa Rica
The Conti ransomware family attacked the Costa Rican government, causing it to declare a national state of emergency. The attack started by affecting some Ministry of Finance computers, and some government buildings were shut down.
“They asked for pretty big ransoms of $10 million-$20 million when they realized who they got into,” Nachreiner said. “Later, the same Conti group was targeting health care targets in Costa Rica as well. And there was some suggestion, based on some of the messaging seen on the underground, that there may even be political motivations for why they did this. But the big part of the attack is Costa Rica declaring a state of emergency based on a cyberattack for the first time.”
This is an example of how bad guys have moved to big-game ransomware, he said.
“They’re looking for a certain type of victim,” Nachreiner said. “In this case, it’s showing even governments are a certain type of victim, but it could be health care because of uptime needs for data in order to have surgeries and [so forth]. It could be manufacturing; it could be big-name companies. What these bad guys are finding when they do big-game ransomware is … that if they can really affect a number of [a target’s] computers and take the business down, that target will be really pressured to want to pay ransom quickly because every second of downtime for data is critical. Big-game ransomware started with health care and manufacturing, but I think the Costa Rica example shows that governments are a great target, too.”
Venky Raju is field CTO at ColorTokens, a provider of autonomous zero-trust cybersecurity solutions.
“Fortunately, the Conti gang dissipated around June, but not before causing extensive damage to critical government and financial systems in Costa Rica,” he said. “We received a number of inquiries on protecting legacy systems that no longer receive security patches and were therefore very vulnerable. In fact, a survey by ColorTokens and Chase Cunningham in 2021 revealed CISOs’ concerns of legacy systems being a drag on zero-trust implementations.”