DataBreaches previously reported on the situation in Costa Rica, where the government has declared a national emergency following a ransomware attack by Conti. What is of special note in this incident are Conti’s escalating threats in their attempt to get their ransom demands paid and the self-identification of the affiliate involved (who calls themself “unc1756”).
Prior to yesterday, Conti’s most recent message on their leak site was to suggest that Costa Ricans consider replacing their government with one that would pay the ransom.
So far, however, Unc1756’s public messages to the people of Costa Rica do not appear to have produced the desired result, resulting in yet more threats. The newest message to Costa Rica reads:
We have our insiders in your government, I recommend that your responsible contact UNC1756, there is less than a week left when we destroy your keys, we are also working on gaining access to your other systems, you have no other options but to pay us, we know that you have hired a data recovery specialist, don’t try to find workarounds, I communicate with everyone in this area of business, I have insiders even in your government! I once again appeal to the residents of Costa Rica go out on the street and demand payment
Another attempt to get in touch through other services will be punished by deleting the key
Has Conti actually bribed or secured the help of people in government? Perhaps. But given that there is a price on Conti’s heads, anyone involved in assisting UNC1756 with this particular attack may decide they’d prefer to have $5 million from the US government by flipping on UNC1756. Could that include someone inside Costa Rica’s government who Unc1756 believes is their source or is cooperating with them? Perhaps.
In the meantime, perhaps Costa Rica is taking a cue from Ukrainian heroes and is pretty much telling Conti, ‘Fuck you, Conti hackers.”