Conti is escalating its rhetoric to force Costa Rica to pay a ransom after the nation was breached last month, including calls for potential regime change from its newly elected president to assemble a government more willing to pay.
New President Rodrigo Chaves Robles declared a state of national emergency last week rather than pay an alleged $10 million ransom.
"I appeal to every resident of Costa Rica, go to your government and organize rallies so that they would pay us as soon as possible," Conti wrote on its leaks site in a new update. "[I]f your current government cannot stabilize the situation? maybe it's worth changing it?"
In the same missive, Conti issued a final deadline of one week to pay before the encryption keys would be deleted. The group also chided the Chaves government for potentially putting too much faith in the United States to bail it out, writing "[W]e believe that the country is so aware of the views of the United States that the Americans simply sacrifice it in this regard. why not just buy a key?"
Conti encrypted data from the Ministry of Finance, the Ministry of Labor and Social Security, the Fund for Social Development and Family Allowances and a University of Costa Rica site in Alajuela.
Brett Callow, a ransomware expert with Emsisoft, said Conti's scattered list of threats might be due to the group running low on cards to play to coax payment. Even before the country declared a state of national emergency, Conti claimed to have leaked 97% of the more than 670 gigabytes of data it had exfiltrated.
"Or it could be a warning to other victims: you don’t want to suffer like Costa Rica did. Payment is the least painful option," he said via electronic chat.