May 17, 2022

Conti threatens to overthrow new Costa Rican govt days after attack on major ministries

Conti’s cyberattack has encrypted Costa Rican government data. The notorious ransomware group has threatened to delete the encryption keys if the ransom is not paid within one week.

Conti said its goal is now to overthrow the government. Perhaps seizing on the fact that President Rodrigo Chaves had only been in office for a week, the Russian-speaking Conti gang tried to increase the pressure to pay the ransom by raising its demand to $20 million.

On May 16, Chaves suggested in a news conference that the attack was coming from inside as well as outside Costa Rica.

Despite Conti's threat, experts see regime change as highly unlikely, and doubt that it is even the real goal. A ransomware analyst at Emsisoft, Brett Callow, said:

We haven't seen anything even close to this before and it's quite a unique situation. The threat to overthrow the government is simply them making noise and not to be taken too seriously, I wouldn't say.
However, the threat that they could cause more disruption than they already have is potentially real and that there is no way of knowing how many other government departments they may have compromised but not yet encrypted.

A US State Department statement last week said Conti had been responsible for hundreds of ransomware incidents during the past two years:

The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented.

The other day, the Conti ransomware group added the Peru MOF to the list of its victims on its leak site.