Conti ransomware gang calls for Costa Rican citizens to revolt if government doesn’t pay

Then-Costa Rican presidential candidate Rodrigo Chaves Robles is photographed in February. He was sworn into office in May. (Photo by Arnoldo Robert/Getty Images)

Conti is escalating its rhetoric to force Costa Rica to pay a ransom after the nation was breached last month, including calls for potential regime change that would replace its newly elected president with a government more willing to pay.

New President Rodrigo Chaves Robles declared a state of national emergency last week rather than pay an alleged $10 million ransom.

"I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible," Conti wrote on its leaks site in a new update. "[I]f your current government cannot stabilize the situation? maybe it's worth changing it?"

In the same missive, Conti issued a final deadline of one week to pay before the encryption keys would be deleted. The group also chided the Chaves government for potentially putting too much faith in the United States to bail it out, writing "[W]e believe that the country is so aware of the views of the United States that the Americans simply sacrifice it in this regard. why not just buy a key?"

Conti encrypted data from the Ministry of Finance, the Ministry of Labor and Social Security, the Fund for Social Development and Family Allowances and a University of Costa Rica site in Alajuela.

Brett Callow, a ransomware expert with Emsisoft, said Conti's scattered list of threats might be due to the group running low on cards to play to coax payment. Even before the country declared a state of national emergency, Conti claimed to have leaked 97% of the more than 670 gigabytes of data it had exfiltrated.

"Or it could be a warning to other victims: you don’t want to suffer like Costa Rica did. Payment is the least painful option," he said via electronic chat.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
