National emergency declared by Costa Rica after Conti ransomware attacks

On Sunday 8th of May 2022, President Rodrigo Chaves, the newly elected Costa Rican President declared a national emergency where he cited ongoing Conti ransomware attacks as the reason for the emergency. The Conti ransomware group originally started their ransomware attacks against government institutions of Costa Rican last month.  

In response to these attacks, on the 19th of April, Costa Rica’s public health agency, Costa Rican Social Security Fund (CCSS) releases a statement saying, “a perimeter security review is being carried out on the Conti Ransomware, to verify and prevent possible attacks at the CCSS level.” The initial target was the Ministry of Finance and the Conti ransomware group demanded a $10 million ransom in exchange for not disclosing the information that was allegedly stolen during the attack. But the Costa Rican government has declined to pay the ransom demand. 

Because of the attack, multiple government institutions and other agencies have been impacted:  

• The Costa Rican Finance Minsitry (Ministerio de Hacienda) 
• The Ministry of Labor and Social Security (MTSS),  
• The Social Development and Family Allowances Fund (FODESAF),  
• The Interuniversity Headquarters of Alajuela (SIUA) 
• Administrative Board of the Electrical Service of the province of Cartago (Jasec) 

• The Ministry of Science, Innovation, Technology, and Telecommunications 
• National Meteorological Institute (IMN) 
• Radiographic Costarricense (Racsa) 
• Costa Rican Social Security Fund (CCSS) 

Cyber security researchers have observed that as of Sunday 8th of May 2020, the Conti ransomware group’s data leak site had been updated to show that 97% of the allegedly stolen 672 GB data dump has been leaked. Due to the massive impact of the incident, there might have been a concern that the attack could be due to nation-state hackers but the Conti ransomware group has claimed full responsibility for it by referring to one of their threat actor names “UNC1756”. And the group has threatened to conduct future attacks of “a more serious form” if their demands are not paid. 

Therefore, President Rodrigo Chaves has stated they are going to execute decree No. 42542 to establish an emergency:“The attack that Costa Rica is suffering from cybercriminals, cyberterrorists is declared a national emergency and we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts” 

Additionally, President Rodrigo Chaves added that “We signed the decree so that the country can defend itself from the criminal attack that cybercriminals are making us. That is an attack on the Homeland and we signed the decree to have a better way of defending ourselves”.