Conti abandons all pretense at professionalism, issues increasingly strident threats as Costa Rica struggles

Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have reportedly been impacted by an attack in April and the government’s refusal to pay the ransom demands. Kevin Collier of NBC reported:

The official declaration, published on a government website Wednesday, said that the attack was “unprecedented in the country” and that it interrupted the country’s tax collection and exposed citizens’ personal information.

Unlike Conti’s messaging in the past, the threat actors are becoming increasingly strident and frustrated. In response to the country’s failure to pay their ransom demands, the threat actors  published this message to them on their leak site yesterday:

“For Costa Rica”
https://www.hacienda.go.cr/
https://www.mtss.go.cr
https://fodesaf.go.cr
https://siua.ac.cr

Conti is primarily a community of people who understand information security. and we believe that we understand it very well, I want to say: we stop any actions against Costa Rica (any attacks on this country are not considered our actions) we believe that the country is so aware of the views of the United States that the Americans simply sacrifice it in this regard. why not just buy a key? I do not know if there have been cases of entering an emergency situation in the country due to a cyber attack? In a week we will delete the decryption keys for Costa Rica

I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible if your current government cannot stabilize the situation? maybe it’s worth changing it?

Yes, you read that correctly — they are suggesting overthrowing the government   to get them paid.

Prior versions also invoked political rhetoric while threatening more consequences, such as the message by “unc1756,” who took credit for the attack with an affiliate and warned that future attacks were coming on other countries — all motivated by money.

“FOR COSTA RICA AND US TERRORISTS (BIDEN AND HIS ADMINISTRATION”)
Just pay before it’s too late, your country was destroyed by 2 people, we are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency.
Now we are putting together a campaign against the current government, the price is changing now you 20m, soon everyone attached to the presenter will start receiving non-urgent calls from us, we have defeated you!

For those who have followed or reported on Conti for a while, the deterioration in professionalism and messaging is obvious. But part of the messaging’s purpose may be to take individual responsibility for attacks so that Russia itself is not blamed for interfering with a sovereign government. While not an expert on Conti or its messaging, DataBreaches cannot recall any previous public messaging by them where an individual attacker or affiliate provided their alias like “unc1756” has done.

How desperate are threat actors getting for money? And with the crash of cryptocurrencies, are they feeling even more desperate?

Conti’s approach to Costa Rica is mirrored in a post to Peru, where what appears to be the same dysregulated individual writes:

“For Peru”
https://digimin.gob.pe
https://mef.gob.pe
MOF – Dirección General de Inteligencia (DIGIMIN) Ministerio de Economía y Finanzas – MEF – Gobierno del Perú

I’m starting to release the data of the Ministry of Finance of Peru, do you think unc1756 will play games? You have 5 days to contact us via DIGIMON chat, we understand that you deeply do not care about the data of your citizens, you do not care about their welfare, and what happens if I turn off the water or light supply to Peru? It is in your best interest to contact immediately

BlackBasta is not conti it’s fucking kids

As reported recently, the U.S. has offered a reward for information leading to the identification and location of the leaders involved in Conti and affiliates. The reward offer specifically mentioned Conti’s attack on Costa Rica:

In April 2022, the group perpetrated a ransomware incident against the Government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms.  In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals.  We look to partner with nations willing to bring justice for those victims affected by ransomware.

Whether that offer will have any impact remains to be seen, but even if people are caught, that will likely not be of help to Costa Rica at this point. Whether Costa Rica will continue to refuse to cave in to extortion demands remains to be seen. Will one ransomware group’s determination to get millions of dollars result in Costa Rica joining the chorus of increasing world opinion against Russia?

About the author: Dissent

Comments are closed.