Conti Ransomware

School

University of Nevada, Reno

Course

406A

Subject

Political Science

Date

Apr 3, 2024

Uploaded by CaptainDragonfly217 on coursehero.com

Conti Ransomware Attack on Costa Rica

In May of 2022, President Rodrigo Chaves declared a state of national emergency following a cyberattack that crippled the business of 27 government institutions in Costa Rica. The ransomware attack began in April of 2022 and continued until June, demonstrating the power behind cyberattacks and their ability to paralyze critical state institutions for extended durations.

Target

Costa Rica’s Ministry of Finance was the first government agency to be targeted: it was locked out of the network that handles tax collection, public sector employee wages, and millions of dollars’ worth of daily exports and trade. In the following weeks, the cyberattack went on to target 26 other government agencies, such as the Ministry of Labor and Social Security and the Ministry of Science, Innovation, Technology and Telecommunications. By targeting government agencies that work in the public sector, the attack forced critical services such as hospitals and payroll offline.

Attacker

The cyberattack was perpetrated by the Russia-based ransomware group Conti. Appearing in 2020, Conti became recognized as the largest and most active group in the ransomware space through the compromise of more than 400 organizations and the extortion of multiple billions of dollars from its targets (McClurg, 2022). There are two considerable motives behind Conti’s cyberattacks: financial and political incentives.

As with any ransomware attack, Conti had a clear financial motivation to attack the Costa Rican government: the group demanded $10 million in exchange for the privacy of stolen information. When Costa Rica refused to cooperate, Conti raised the price to $20 million and proceeded to publish stolen information as a way to grant legitimacy to its threat.

President Chaves’ declaration of a state of national emergency was his first decree as president, as the cyberattack was deliberately carried out during a period of political transition. Conti had a political incentive to attack during a period of government vulnerability as a way to destabilize the current government and force regime change. Conti released a public statement that declared, “we are determined to overthrow the government by means of cyberattack…if your current government cannot stabilize the situation, maybe it’s worth changing it” (Lewis, 2022). Threatening, controlling, and publicly releasing stolen information was Conti’s strategy for delegitimizing Costa Rica’s current government.

Why Conti would be determined to overthrow a democratically elected government is unclear; no motive has been confirmed. Conti’s association with and support for the Russian government have led theorists to believe that the attack on democracy was a way to punish an American ally or to make a statement about Costa Rica’s support for Ukraine in its war against Russia (Lewis, 2022).

Method of Attack

Conti used the ransomware-as-a-service (RaaS) model as its method of attack. In the RaaS model, Conti operators paid affiliates to deploy malware into the government’s systems, which opened the door for Conti to exploit private information for ransom. Conti proceeded through the stages of an advanced persistent threat. First, Conti gained access to install malware through compromised credentials relating to Costa Rica’s Ministry of Finance. Conti then moved laterally into the government’s network by installing a command-and-control server, backdoors, and encryption tools. Conti attackers quickly located and compromised data through multithreaded encryption. The hacking cell engaged in double extortion by threatening to leak the stolen data in both the present and future attacks.

Outcome

The Costa Rican government refused to cooperate with Conti, resulting in 97 percent of the 672 GB of stolen data being released to the public (Montalbano, 2022). As the government worked to regain control of its network, the Costa Rican Chamber of Foreign Commerce claimed that the country lost over $125 million. For over a month, the 27 affected agencies were offline and unable to resume critical operations, and the Costa Rican economy suffered from the logistical collapse of the country’s foreign trade, tax, and customs systems. Individual members of Conti were never revealed or prosecuted.

Implications for International Politics

Costa Rica’s declaration of a state of national emergency alerted other countries to the serious implications of cyberattacks. Destabilizing cyberattacks that target state institutions are a threat to every sovereign country, and this is demonstrated by the desire of other countries to intervene and aid Costa Rica in prosecuting the perpetrators. For example, the U.S. Department of State offered a $10 million reward to anyone who can identify Conti participants. Other countries may feel that a cyberattack on one nation poses a threat to global stability when it impacts economic systems and trade. In this case, Costa Rica’s foreign trade was halted.

As with many Latin American countries, Costa Rica is still defined as a developing nation, meaning that cyberattacks from developed nations such as Russia demonstrate a wielding of power in international politics. A developed nation’s ability to attack developing nations becomes harmful when the latter do not have the same capacity to retaliate or the same resources to defend against the attack.