The government actually declared a state of emergency last week following an attack launched by the Conti Group, which infected computer networks. But now, the objective has changed to overthrowing the government, according to The Associated Press.
Newly elected President Rodrigo Chaves told reporters on Monday that the Russian-speaking cyber-gang had bolstered its ransom payment to $20 million, adding that the attack crippled or affected 27 government institutions including agencies and utilities on the federal, state and municipal levels.
"We are at war, and that's not an exaggeration," said Chaves, adding that officials believe they are dealing with a national terrorist group that has collaborators inside Costa Rica itself.
In a message Monday, Conti warned that it was working with people inside the government.
“We have our insiders in your government,” the group said. “We are also working on gaining access to your other systems, you have no other options but to pay us. We know that you have hired a data recovery specialist, don’t try to find workarounds.”
"We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency," the cyber gang added.
Despite Conti’s threat, however, experts say that they see regime change as highly unlikely — even if it's the real goal.
“We haven’t seen anything even close to this before and it’s quite a unique situation,” Brett Callow, a ransomware analyst at Emsisoft, told AP News. “The threat to overthrow the government is simply them making noise and not to be taken too seriously, I wouldn’t say.
“However, the threat that they could cause more disruption than they already have is potentially real and that there is no way of knowing how many other government departments they may have compromised but not yet encrypted," he added.
AP News noted further:
Conti attacked Costa Rica in April, accessing multiple critical systems in the Finance Ministry, including customs and tax collection. Other government systems were also affected and a month later not all are fully functioning.
Chaves declared a state of emergency over the attack as soon as he was sworn in last week. The U.S. State Department offered a $10 million reward for information leading to the identification or location of Conti leaders.
If the ransom is not promptly paid, Conti said it would delete the decryption keys which would effectively paralyze critical networks that are used to run key government agencies.
A statement last week from the U.S. State Department said the Conti group had been responsible for hundreds of ransomware incidents over the past two years.
“The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented,” the statement said.
Is it possible that this is the first instance of a cyber gang attempting to overthrow a government with ransomware?
Callow, the cyber analyst, does not think so.
“I believe this is simply a for-profit cyber attack. Nothing more," he said.
But what if he's wrong? There is a first time for everything, after all, and if regime change is the true objective, what is the group prepared to do if the ransomware isn't paid other than crash Costa Rica's systems?
If such an attack happened in the U.S. and the power grid, especially, was attacked, there would be resultant chaos in the streets and mass death, as previous analyses of such scenarios have forecasted. Why wouldn't a similar situation develop elsewhere?