Last week, Costa Rica declared a state of emergency after a Conti Group ransomware attack infected government computer networks. Now, the ransomware gang responsible for the attack said its objective is to overthrow the government, according to AP News.
On Monday, newly elected President Rodrigo Chaves told reporters that the Russian-speaking cyber gang had increased ransom payment to $20 million. He said the ransomware had impacted 27 government institutions, including federal agencies, state-run utilities, and municipalities.
"We are at war, and that's not an exaggeration," Chaves said, adding officials believe they're dealing with a national terrorist group with collaborators inside Costa Rica.
Also, on Monday, Conti said: "We have our insiders in your government … are also working on gaining access to your other systems, you have no other options but to pay us. We know that you have hired a data recovery specialist, don't try to find workarounds."
The ransomware attack was first discovered in April, infecting the Finance Ministry, including customs and tax collection networks. AP notes other government networks have been infected and have not worked properly in a month.
Conti has also said: "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power, you have introduced an emergency."
If the ransomware is not paid promptly, the cyber gang said they would delete the decryption keys, effectively paralyzing critical networks that run certain government agencies.
Brett Callow, a ransomware analyst at Emsisoft, said, "the threat to overthrow the government is simply them making noise and not to be taken too seriously."
However, Callow did say, "We haven't seen anything even close to this before, and it's quite a unique situation."
Could this be the first instance a cyber gang attempts to overthrow a government with ransomware?