DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Conti abandons all pretense at professionalism, issues increasingly strident threats as Costa Rica struggles

Posted on May 15, 2022 by Dissent

Conti ransomware actors have created a national emergency in Costa Rica, where the government declared a state of emergency. Multiple government agencies have reportedly been impacted by an attack in April and the government’s refusal to pay the ransom demands. Kevin Collier of NBC reported:

The official declaration, published on a government website Wednesday, said that the attack was “unprecedented in the country” and that it interrupted the country’s tax collection and exposed citizens’ personal information.

Unlike Conti’s messaging in the past, the threat actors are becoming increasingly strident and frustrated. In response to the country’s failure to pay their ransom demands, the threat actors  published this message to them on their leak site yesterday:

“For Costa Rica”
https://www.hacienda.go.cr/
https://www.mtss.go.cr
https://fodesaf.go.cr
https://siua.ac.cr

Conti is primarily a community of people who understand information security. and we believe that we understand it very well, I want to say: we stop any actions against Costa Rica (any attacks on this country are not considered our actions) we believe that the country is so aware of the views of the United States that the Americans simply sacrifice it in this regard. why not just buy a key? I do not know if there have been cases of entering an emergency situation in the country due to a cyber attack? In a week we will delete the decryption keys for Costa Rica

I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible if your current government cannot stabilize the situation? maybe it’s worth changing it?

Yes, you read that correctly — they are suggesting overthrowing the government   to get them paid.

Prior versions also invoked political rhetoric while threatening more consequences, such as the message by “unc1756,” who took credit for the attack with an affiliate and warned that future attacks were coming on other countries — all motivated by money.

“FOR COSTA RICA AND US TERRORISTS (BIDEN AND HIS ADMINISTRATION”)
Just pay before it’s too late, your country was destroyed by 2 people, we are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency.
Now we are putting together a campaign against the current government, the price is changing now you 20m, soon everyone attached to the presenter will start receiving non-urgent calls from us, we have defeated you!

For those who have followed or reported on Conti for a while, the deterioration in professionalism and messaging is obvious. But part of the messaging’s purpose may be to take individual responsibility for attacks so that Russia itself is not blamed for interfering with a sovereign government. While not an expert on Conti or its messaging, DataBreaches cannot recall any previous public messaging by them where an individual attacker or affiliate provided their alias like “unc1756” has done.

How desperate are threat actors getting for money? And with the crash of cryptocurrencies, are they feeling even more desperate?

Conti’s approach to Costa Rica is mirrored in a post to Peru, where what appears to be the same dysregulated individual writes:

“For Peru”
https://digimin.gob.pe
https://mef.gob.pe
MOF – Dirección General de Inteligencia (DIGIMIN) Ministerio de Economía y Finanzas – MEF – Gobierno del Perú

I’m starting to release the data of the Ministry of Finance of Peru, do you think unc1756 will play games? You have 5 days to contact us via DIGIMON chat, we understand that you deeply do not care about the data of your citizens, you do not care about their welfare, and what happens if I turn off the water or light supply to Peru? It is in your best interest to contact immediately

BlackBasta is not conti it’s fucking kids

As reported recently, the U.S. has offered a reward for information leading to the identification and location of the leaders involved in Conti and affiliates. The reward offer specifically mentioned Conti’s attack on Costa Rica:

In April 2022, the group perpetrated a ransomware incident against the Government of Costa Rica that severely impacted the country’s foreign trade by disrupting its customs and taxes platforms.  In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals.  We look to partner with nations willing to bring justice for those victims affected by ransomware.

Whether that offer will have any impact remains to be seen, but even if people are caught, that will likely not be of help to Costa Rica at this point. Whether Costa Rica will continue to refuse to cave in to extortion demands remains to be seen. Will one ransomware group’s determination to get millions of dollars result in Costa Rica joining the chorus of increasing world opinion against Russia?

Category: Government SectorMalwareNon-U.S.

Post navigation

← How to Fight Foreign Hackers With Civil Litigation
UK: Cornwall Council Data Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.