Ransomware gang threatens to ‘overthrow’ new Costa Rica government, raises demand to $20 million

The ransomware group behind an attack on several Costa Rican government ministries levied several violent warnings against the country this weekend, raising the ransom demand to $20 million and threatening to “overthrow” the government of new President Rodrigo Chaves. 

In two messages posted to their leak site on Saturday, the Conti ransomware group – which has already leaked 97% of the 670 GB they stole from their attacks – claimed the U.S. government was “sacrificing” Costa Rica and that the country's government should pay for the decryption keys to unlock their systems.

Costa Rica’s new government took office last week and immediately declared a state of emergency after refusing to pay the initial $10 million ransom issued by Conti. The country has received assistance from officials in the U.S., Israel and other countries. The U.S. put a $10 million bounty out for anyone connected to Conti after the attack on Costa Rica.

“Why not just buy a key? I do not know if there have been cases of entering an emergency situation in the country due to a cyber attack? In a week we will delete the decryption keys for Costa Rica,” the group threatened. 

“I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible. If your current government cannot stabilize the situation? Maybe its worth changing it?”

#Conti's latest posts re: Costa Rica state they are 'determined to overthrow the government by means of a cyber attack,' have increased the ransom to $20 million and will delete the decryption key in 7 days. pic.twitter.com/MQ24KSAjwf

— Brett Callow (@BrettCallow) May 14, 2022

In another message, the group called U.S. President Joe Biden a “terrorist” and said it was raising the ransom price to $20 million. The group also implied that it would begin calling government officials to demand the ransom. 

“Just pay before it's too late, your country was destroyed by 2 people, we are determined to overthrow the government by means of a cyberattack, we have already shown you all the strength and power, you have introduced an emergency,” the group added. 

More than three weeks after the attack began, the country is still facing significant struggles, particularly because of the damage done to the Finance Ministry. 

The country was forced to tell residents last week that taxes need to be calculated by hand and paid in person at local banks, as opposed to the digital system the country has previously used. 

¡Atención contribuyentes! Pago de impuestos del próximo lunes deberá calcularse a mano y cancelarse en bancos https://t.co/ohqdohuY3d #NM935 pic.twitter.com/86g8fwEanx

— Noticias Monumental (@MonumentalCR) May 13, 2022

The attack crippled the country’s customs and taxes platforms alongside several other government agencies, even bringing down one Costa Rican town’s energy supplier. The country’s treasury department has been unable to operate any of its digital services since the attack began, making it nearly impossible for paperwork, signatures and stamps required by law to be processed.

Organizations affected by the attack include:

• The Finance Ministry
• The Ministry of Science, Innovation, Technology, and Telecommunications
• The Labor and Social Security Ministry
• The Social Development and Family Allowances Fund
• The National Meteorological Institute
• The Costa Rican Social Security Fund
• The Interuniversity Headquarters of Alajuela