Last week the Conti ransomware group “went dark” and might have shut down. Shortly before doing so, they went to war with an entire nation. Their ransomware attack paralyzed dozens of public institutions in Costa Rica in early May. The newly inaugurated Costa Rican government was forced to declare a state of emergency—a first for a cyber attack anywhere. Meanwhile, Conti leaked stolen data from Costa Rican sources online. Doubling their ransom demand to $20 million, the Russian-speaking gang threatened to bring down the Costa Rican government.
Speculation is rife that the attack which started Costa Rica’s ransomware emergency may have been an elaborate false flag. Conti may want to put up a smokescreen for their rebranding efforts and shed some of the heat created by a $15 million U.S. government bounty.
Conti’s motivations in paralyzing Costa Rica can’t be known. But their capacity for malicious behavior is clear. For any organization that doesn’t want to end up in a situation similar to that of the Central American country—where many officials now cannot collect taxes or pay salaries—mitigating the risk of future Conti-like attacks is critical.
The Conti Ransomware Group is Not Alone
Becoming a target for a threat actor like Conti is