Ransomwarecritical

Costa Rica National Emergency: Conti Ransomware Paralyses a Country

Conti ransomware attacked Costa Rica's Finance Ministry and spread to 27 government agencies, forcing the President to declare a national emergency — the first government in history to do so specifically because of ransomware.

Government of Costa Rica / Conti·2022·2 min read

Background

Costa Rica was targeted by Conti ransomware in April 2022 as Conti was facing internal collapse following the exposure of its internal chat logs after its public support for Russia's invasion of Ukraine. The attack targeted the Ministerio de Hacienda (Finance Ministry), which handles tax collection and customs.

The Attack

Conti encrypted systems at Costa Rica's Finance Ministry, disrupting tax collection and customs clearance. The attack spread to 27 other government agencies including the Social Security Fund. Export businesses were forced to file customs declarations manually. The country's payroll system for 67,000 public workers was impacted. The attackers demanded $10 million, later increased to $20 million. When Costa Rica refused to pay, Conti threatened to overthrow the government and called on Costa Rican citizens to pressure their government.

Response

Newly elected President Rodrigo Chaves declared a national emergency on May 8, 2022. The US offered $15 million in rewards for Conti leadership information. Costa Rica accepted help from US Cyber Command and other allies. Full recovery of government systems took months.

Outcome

The national emergency declaration was unprecedented. The attack caused an estimated $200 million in economic damage from disrupted exports and customs. Conti disbanded shortly after, with members dispersing into other ransomware groups. The case set the precedent that ransomware can rise to the level of a national security crisis.

Key Takeaways

  1. Government systems involved in national economic functions (tax, customs, payroll) require the highest security priority
  2. Ransomware gangs under pressure may escalate rhetoric and demands — negotiating with a disbanding group is particularly unpredictable
  3. International cyber assistance (US Cyber Command partnerships) can be a critical resource for smaller nations
  4. Declaring a national emergency unlocks extraordinary resources but requires political courage
Continational emergencygovernment ransomwareCosta Ricacustoms

More in Ransomware

2017critical

WannaCry Global Ransomware Attack

2 min readRansomware
2019critical

Norsk Hydro: Ransomware Shuts Down Aluminium Plants Across 3 Continents

2 min readRansomware
2016high

Hollywood Presbyterian: Hospital Pays $17,000 to Get Patient Records Back

2 min readRansomware