US State Department Announces $10 Million Bounty Following Ransomware Attack in Costa Rica

Following a massive ransomware attack on the Costa Rican government in April, the US government issued a notice last week placing a potentially millions-dollar bounty on anyone found on the Continental system used in the hack. ransomware were involved. Rodrigo Chaves Robles, Costa Rica’s recently sworn president, has declared a national emergency over the attack, according to sources CyberScoop.

Corresponding Beeping computer, the ransomware attack affected the Costa Rican Ministries of Finance and Labor and Social Security, as well as the country’s Social Development and Family Allowance Fund, among others. The report also says that beginning April 18, the attack affected some Treasury services. Hackers have not only disabled some government systems, but also exposed data CyberScoopwhich notes that almost 700 GB of data has reached Conti’s website.

The US State Department says the attack “severely disrupted the country’s foreign trade by disrupting its customs and taxation platforms” and “offered up to $10 million for information leading to the identification and/or location” of the organizers behind Conti. The US government is also offering $5 million for information leading to the arrest and/or conviction, in any country, of any person who has conspired to be a part of, or attempted to be, a part of a Conti-based ransomware attack “.

Last year, the US offered similar bonuses on REvil and DarkSide (the group behind the attack on the Colonial Pipeline). REvil is widely believed to be defunct after the US reportedly hacked the group’s servers and the Russian government claimed to have arrested several members.

The Costa Rican government is not the only entity to fall victim to Contis ransomware. When cancer over safety notes that the group is particularly notorious for targeting healthcare facilities such as hospitals and research centers.

The gang is also known for having their chat logs leaked after declaring that they fully supported the Russian government shortly after the invasion of Ukraine began. According to CNBC, these logs showed that the group behind the ransomware had organizational problems of their own — people weren’t being paid and arrests were occurring. However, as with many ransomware operators, the actual software was also used by “partners” or other entities that used it to carry out their own attacks.

In the case of Costa Rica, the attacker claims to be one of those partners and says they are not part of a larger team or government, according to a message posted by CyberScoop. However, they have threatened “more serious” attacks and called Costa Rica a “demo version”.