Conti ransomware actors experience created a national exigency in Costa Rica, where the government declared a land of emergency. Multiple governance agencies have reportedly been impacted by an onset in April and the government’s refusal to pay the ransom demands. Kevin Collier of NBC reported: The official declaration, published on a government website Wednesday, said that the assail was unprecedented in the country and that it interrupted the countrys assess aggregation and exposed citizens personal information. Unlike Conti’s messaging in the past, the threat actors are becoming increasingly strident and frustrated. in reception to the country’s loser to pay their ransom demands, the threat actors published this message to them on their leak site yesterday: For Costa Ricahttps://www.hacienda.go.cr/ https://www.mtss.go.cr https://fodesaf.go.cr https://siua.ac.cr Conti is primarily a community of people who understand information security. and we believe that we understand it very well, I want to say: we stopover any actions against Costa Rica (any attacks on this country are not considered our actions) we believe that the state is so aware of the views of the United States that the Americans simply sacrifice it in this regard. why not just buy a key? I manage not know if there get been cases of entering an exigency situation in the country due to a cyber attack? In a week we will delete the decryption keys for costa Rica i appeal to every occupant of Costa Rica, proceed to your authorities and coordinate rallies so that they would pay us as soon as possible if your current administration cannot stabilize the situation? maybe it’s worth changing it? Yes, you read that correctly — they are suggesting overthrowing the government to get them paid. Prior versions also invoked political rhetoric while threatening more consequences, such as the message by “unc1756,” who took citation for the assault with an affiliate and warned that future attacks were coming on other countries — all motivated by money. “FOR COSTA RICA AND US TERRORISTS (BIDEN AND HIS ADMINISTRATION”)Just pay before it’s too late, your country was destroyed by 2 people, we are determined to overthrow the government by way of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency. Now we are putting together a campaign against the current government, the price is changing now you 20m, soon everyone attached to the presenter will start receiving non-urgent calls from us, we get defeated you! For those who have followed or reported on Conti for a while, the deterioration in professionalism and messaging is obvious. But section of the messaging’s purpose may be to take individual responsibility for attacks so that Russia itself is not blamed for interfering with a sovereign government. While not an expert on Conti or its messaging, DataBreaches cannot recall any previous public messaging by them where an individual attacker or affiliate provided their alias like “unc1756” has done. How desperate are threat actors getting for money? And with the crash of cryptocurrencies, are they feeling even more desperate? Conti’s approach to Costa Rica is mirrored in a carry to Peru, where what appears to be the same dysregulated individual writes: For Peruhttps://digimin.gob.pe https://mef.gob.pe MOF – Dirección General de Inteligencia (DIGIMIN) Ministerio de Economía y Finanzas – MEF – Gobierno del Perú I’m starting to outlet the data of the Ministry of Finance of Peru, doh you think unc1756 will toy games? You have 5 days to contact us via DIGIMON chat, we understand that you deeply fare not maintenance about the data of your citizens, you do not attention about their welfare, and what happens if i grow off the water or lightness supply to Peru? It is in your best interest to middleman immediately BlackBasta is not conti it’s fucking kids as reported recently, the U.S. has offered a reward for information leading to the recognition and placement of the leaders involved in Conti and affiliates. The reward offer specifically mentioned Conti’s onset on Costa Rica: In april 2022, the group perpetrated a ransomware incident against the government of Costa Rica that severely impacted the countrys foreign switch by disrupting its customs and taxes platforms. in offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from development by cyber criminals. We look to partner with nations willing to bring justice for those victims affected by ransomware. Whether that offer will have any impact remains to live seen, but even if people are caught, that will likely not be of help to Costa Rica at this point. Whether Costa Rica will proceed to refuse to cave in to extortion demands remains to live seen. will one ransomware group’s determination to get millions of dollars result in costa Rica connection the chorus of increasing world opinion against Russia?