In the wake of a massive ransomware attack on the Costa Rican government in April, the US government issued a notice last week declaring a bounty potentially worth hundreds of thousands of dollars on people involved with the Conti ransomware used in the hack. Rodrigo Chaves Robles, Costa Rica’s recently sworn-in president, declared a national emergency because of the attack, according to CyberScoop.

According to BleepingComputer, the ransomware attack affected Costa Rica’s ministries of Finance and Labor and Social Security, as well as the country’s Social Development and Family Allowances Fund, among other entities. The report also says that the attack affected some services from the country’s treasury starting on April 18th. Hackers not only took down some of the government’s systems, but they’re also leaking data, according to CyberScoop, which notes that nearly 700GB of data has made its way onto Conti’s website.

The US State Department says the attack “severely impacted the nation’s overseas commerce by disrupting its customs and taxes platforms” and offers “as much as $10 million for info resulting in the identification and/or location” of the organizers behind Conti. The US government is also offering $5 million for information “resulting in the arrest and/or conviction of any particular person in any nation conspiring to take part in or trying to take part” in a Conti-based ransomware attack.

Last year, the US offered similar bounties on REvil and DarkSide (the group behind the Colonial Pipeline attack). REvil is largely thought to be defunct after the US reportedly hacked the group’s servers and the Russian government claimed to have arrested several members.

The Costa Rican government isn’t the only entity to fall victim to Conti’s ransomware. As Krebs On Security notes, the group is particularly infamous for targeting healthcare facilities such as hospitals and research centers.

The gang is also known for having its chat logs leaked after it declared that it fully supported Russia’s government shortly after the invasion of Ukraine began. According to CNBC, those logs showed that the group behind the ransomware itself was having organizational problems: people weren’t getting paid, and arrests were taking place. However, as with many ransomware operations, the software itself was also used by “affiliates,” other entities that used it to carry out their own attacks.

In Costa Rica’s case, the attacker claims to be one of these affiliates and says that they aren’t part of a larger group or government, according to a message posted by CyberScoop. They have, however, threatened to carry out “extra critical” attacks, calling Costa Rica a “demo model.”
