The US note offering a reward for Conti.  Photo US State Dep.

A group of cyber criminals attacking with ransomware has two Latin American governments on the ropes. On the one hand, to Costa Rica, where the newly elected president Rodrigo Chaves signed a decree in which he declared the national cybersecurity emergency after suffering a computer attack. And on the other, Peru, where the situation is extremely critical.

Chaves, in Costa Rica, took action against the attacks that several government institutions received last April. On April 20, the Russian cybercriminal group Conti reported on its dark web blog that it had hacked into 800 servers of the Costa Rican Ministry of Finance, demanding a payment of 10 million dollars to return files from encryption. They claimed to have 1TB of stolen information.

The Government of Costa Rica recognized the situation and confirmed that the incident affected the Ministry of Finance to a greater extent, but also other entities such as the Administrative Board of the Electrical Service of the province of Cartago (Jasec); the Ministry of Science, Innovation, Technology and Telecommunications; the Ministry of Labor and Social Security; as well as the National Meteorological Institute (IMN), Radiographic Costarricense (Racsa) and the Costa Rican Social Security Fund (CCSS).

The Chaves government refused to start a dialogue with the group, so there were no negotiations officially. Even the United States government interceded in the situation: it reported last Friday that it offers a reward of up to $15 million for information leading to the identification of Conti members.


The US note offering a reward for Conti. Photo US State Dep.

The note that Conti uploaded to his blog on the Dark Web.

The note that Conti uploaded to his blog on the Dark Web.

In Peru, the situation is much more complicated. The gang of cybercriminals went up on their site in the dark web a note where you ensure that you have access to critical infrastructure, including the water and electricity network.

“All downloaded documents are classified as secret. We work exclusively for money, we do not pursue other objectives”, says the note, according to cybersecurity experts.

What is ransomware and how does it work?

Ransomware has claimed multiple victims in recent years. His name is an acronym for “data rescue program”: ransom in English means ransom, and ware is a shortening of the well-known word software: a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious software.”

Now, this type of program acts by restricting access to parts of our personal information, or all of it. And in general, the attackers they exploit this to ask for something in return: money.

While some simple ransomware can lock down the system in a simple way, the most advanced ransomware uses a technique called “cryptoviral” extortion, in which the victim’s files are encrypted, making them completely inaccessible.

Ransomware attacks are generally more targeted than malware: cybercriminals target computer systems specific that belong to corporate businesses and this has to do with the fact that they are more “juicy” victims to extract money from them.

A WhatsApp URL from an unknown contact. Worse still: a URL from a known contact: Ransomware has multiple ways of getting there, and the most common historically are associated with programs that we install ourselves.

About Conti, the cybercriminals

Rodrigo Chavez, president of Costa Rica.  Photo EFE

Rodrigo Chavez, president of Costa Rica. Photo EFE

Conti is, together with REvil (disbanded at the beginning of the year), one of the largest ransomware gangs in the world. This type of malicious program encrypts information to demand a ransom in exchange.

During Russia’s invasion of Ukraine, an internal fight broke out in this group and an anti-Russian member even published internal chats of the organization that revealed their dealings and even bribes to journalists.

In addition, they published the “decrypter”, that is, a program to recover stolen data, which is what they usually provide when they pay the ransom.

A few weeks ago they attacked again, even though it was thought that the gang was broken up by internal fights.

among his victims largest universities are located around the world, panasonicthe Central Bank of Tunisia and even medical health services.

Peru and Costa Rica are its two most resounding victims.

Leave a Reply