He went on to explain that at least 27 government agencies, including the Ministry of Finance, state-run utilities and municipalities, were targeted. As a result, the government has been struggling to collect taxes, and the country is facing delays in foreign trade activity. The group had also raised its ransom demand from the original US$10 million to US$20 million. They have gone so far as to threaten to “overthrow the government by means of a cyberattack”.
It has not just been Costa Rica that has been under fire either. Chainalysis recently published its 2022 Crypto Crime Report, revealing Conti to be the biggest ransomware strain by revenue in 2021. Indeed, the group had accumulated at least US$180 million from victims that year alone. Just this week, the US manufacturing conglomerate Parker announced that it had suffered a data breach at the hands of Conti, exposing the personally identifiable information (PII) of its employees.
So, with all the success they appeared to be having, it came as a great surprise to hear that the gang had officially shut down its operations and taken its infrastructure offline. According to Yelisey Boguslavskiy, researcher at Advanced Intel, though the Conti News data leak and ransom negotiation websites remained online, the internal panels and hosts are now offline. It has been suggested that their ‘war’ with Costa Rica was simply a charade, as members dispersed into smaller groups such as BlackCat, Hive, BlackBasta etc. in order to ‘rebrand’.
Whatever the case, whether operating as a larger group or disbanded into smaller coalitions, ransomware actors frequently leverage the same threat vectors, including the exploitation of vulnerabilities. According to Ivanti’s Ransomware End of Year Spotlight report, 65 new vulnerabilities were identified in 2021 that are known to have been exploited by ransomware gangs. They highlighted that this was an increase of 29% year-over-year, underlining once again the importance of the work being conducted by UKRI’s Digital Security By Design Programme to build security into technology from the start and limit the impact of vulnerabilities.