The Conti Ransomware Attack On The Goverment Of Costa Rica [CASE STUDY]

HelpRansomware has analyzed the ransomware attack on the Government of Costa Rica and the consequences for the online reputation of the president, Rodrigo Chaves.

Hacking Costa Rican institutions

At the end of April, the then president of Costa Rica, Carlos Alvarado Quesada, announced a cyberattack on the country’s institutions through a video:

“It is not just an attack on the affected institutions. It is a criminal cyberattack against the state and the entire country.

The Costa Rican state will not pay these cyber criminals anything. This attack seeks to threaten the country’s stability at a transitional juncture.”

Who has been affected by the attack?

The cyberattack has affected various institutions of the Government of Costa Rica:

• Ministry of Finance, the most damaged;
• Ministry of Science, Technology, and Telecommunications (Micitt);
• Racsa;
• National Meteorological Institute (IMN);
• Ministry of Labor and Social Security (MTSS);
• Administrative Board of the Electrical Service of Cartago (JASEC);
• Social Development and Family Allowances Fund (Fodesaf);
• Costa Rican Social Security Fund (CCSS).

Through Twitter, the CCSS explained the problems they were experiencing in their systems due to the Conti Ransomware.

Likewise, JASEC issued an informative note with the consequences of the attack:

“It consisted of the impact consists on the encryption of servers, which temporarily prevents the operation of some systems and services, such as administrative and collection systems. The review that is carried out also seeks to determine if the hackers obtained information, including data from our clients”.

The theft of information

Since the start of the attacks, Conti has been sending ransom notes, valued at $10 million, to the Government of Costa Rica to open encrypted files.

Hackers began to threaten the administration, informing them about the publication of the informations on the Dark Web.

On April 21st, they released 24 gigabytes from the Ministry of Finance.

This is a real case that confirms the goal of the cybercriminals: to hijack data and demand ransom, through blackmail, in exchange for ransomware decryption.

The extortion is built with the publication of the kidnapped information on the Dark Web or Deep Web.

HelpRansomware always advises not to pay the ransom or negotiate with cybercriminals.

Afterward, contact a company that is specialized in ransomware removal and file decryption, such as HelpRansomware.  

Declaration of Emergency

On May 8th, the new president of Costa Rica, Rodrigo Chaves, announced a state of emergency for cybersecurity reasons as he announced in a press release:

“The president stressed the need for Costa Rica to invest in cybersecurity issues; this is due to the different attacks that have occurred in recent weeks in our country, which is why Executive Decree No. 42542 of Declaration of Cybersecurity is signed. National Emergency”.

Hacker extortion

Meanwhile, the hackers behind Conti continue to demand a ransom payment from the Costa Rican government:

“It is impossible to make the decisions of the administration of the President of Costa Rica without irony. All this could have been avoided by paying; you would have made your country really safe”.

And he continues to alert the rest of the countries:

“The purpose of this attack was to make money. In the future, I will definitely make attacks of a more serious format with a bigger team; Costa Rica is a demo version.”

America’s Reward

The new Conti attack in Costa Rica has caused the intervention of the United States Government to stop this type of cybercrime.

State Department is offering rewards to citizens who help identify the insiders behind the Conti ransomware:

“The Department of State is offering a reward of up to $10,000,000 for information leading to the identification and/or location of anyone in a leadership position in the Conti ransomware organized crime group.

Additionally, it is also offering a reward of up to $5,000,000 for information leading to the arrest and/or conviction of any person in any country who conspires to participate or attempts to participate in a Conti variant ransomware incident.”

Conti ransomware attacks

Conti is one of the relatively new types of ransomware

It is used to attack large corporate or government networks quickly and effectively.

This type of attack is designed to be controlled remotely.

Malware operators hack into a network and gain domain and administrator credentials, locking and encrypting the entire hard drive.

State Department, in its press release, offers the following information about the Conti ransomware:

“The Conti ransomware group has been responsible for hundreds of ransomware incidents in the last two years. The FBI estimates that as of January 2022, there were more than 1,000 attack victims associated with the Conti ransomware with payouts in excess of $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented.”

HelpRansomware offers premium cybersecurity services to help businesses, professionals, and administrations remove any type of ransomware and restore encrypted files.

The analysis

HelpRansomware, a leading ransomware decryption company, has analyzed how this criminal act has affected the online reputation of the current president of Costa Rica, Rodrigo Chaves.

The study was divided into:

• Feeling;
• Positivity and negativity;
• Results;
• Emotions;
• Geographical distribution.

For the analysis, HelpRansomware takes a week as a period: from May 6th to 12th.

The sentiment

Sentiment, computes the percentage of sentiment, positive or negative, generated by users on social networks.

HelpRansomware has also calculated the net sentiment produced by Rodrigo Chaves on the Internet.

This is the net percentage, measured on a scale of -100 to 100.

The positive sentiment is 10.4%, and the negative is 18.1%.

These numbers represent a net sentiment of -27%. A figure that has fallen by 15.4% compared to the previous week.

On the other hand, the performance of the results refers to the interactions (mentions, likes, comments, videos, etc.) in a certain period.

In this case, from May 6th to 12th.

As can be seen in the graph above, Chaves obtained 3.8K results, 397% more than the previous week.

Emotions

HelpRansomware has analyzed the emotions generated by Rodrigo Chaves.

The software, RepUP Monitoring Tool, breaks down the different sentiments as follows:

• Happiness;
• Sadness;
• Fear;
• Gonna;
• Surprise.

Anger is the predominant emotion (66.3%), followed by sadness (13.5%), happiness (11.9%), and fear (8.1%).

The emotion that has grown the most in a week is anger, with 495%.

Geographical distribution

Finally, you can see the scope of sentiment, divided into the regions of the country.

The largest share is recorded in San Marcos (389M), which is divided into:

• 311.6M neutral sentiment;
• 41.3M negative sentiment;
• 35.9M positive sentiment.

The districts that follow him, by engagement quota, are Heredia and Alajuela.

Conclusions

HelpRansomware has analyzed the ransomware attack on the Government of Costa Rica and how the cyber incident has affected the online reputation of the country’s president, Rodrigo Chaves.

The following conclusions can be drawn from this case study:

• Various institutions of the Government of Costa Rica, such as the Ministry of Finance, were victims of the ransomware attack;
• Hackers have released up to 24 gigabytes from the Ministry of Finance;
• The cybercriminals demanded a ransom of $10 million from the Government of Costa Rica;
• Rodrigo Chaves has declared a state of emergency in the country for security reasons;
• The United States Government offers a reward in exchange for information on criminals;

The ransomware attack has indeed affected the digital reputation of the president of Costa Rica.

His net sentiment stands at -27% and is down 15% in a week.

Likewise, anger is the predominant emotion that users perceive in the president of Costa Rica.

Finally, Chaves obtained 3.8K results, 397% more than the previous week.

The data verified that the ransomware attack, of which the Government of Costa Rica is a victim, has affected the online reputation and sentiment of the country’s president.

Not paying the ransom to cybercriminals is the first step to avoid negative consequences that could affect a company or a country.

The victim should then contact a specialized cybersecurity and ransomware removal company, such as HelpRansomware.

The company, which is part of the ReputationUP group, is a leader in the decryption and recovery of data hijacked by ransomware.