Skip to main content
banner image
venafi logo

After Conti Ransomware Group Attacks Costa Rica, U.S. Responds With $15 Million Bounty

After Conti Ransomware Group Attacks Costa Rica, U.S. Responds With $15 Million Bounty

May 11, 2022 | Brooke Crothers

In the wake of ransomware attacks against government agencies in Costa Rica, the U.S. is offering a $15 million reward to apprehend the hackers.

Why are TLS certificates such a hot commodity on the dark web? Read the report to find out!
Widespread impact on government agencies

For more than a month, the Central American country has been racked by ransomware attacks that have impacted government agencies including the Ministry of Finance and Ministry of Labor.  

In response, one of the first acts by Costa Rica’s newly elected president, Rodrigo Chaves Robles, who took office May 8, was to declare a national emergency, as the attack brought down computer systems affecting government operations ranging from paying pensions to collecting taxes, according to the AP

“The Ministry of Finance has been the most damaged institution, as it suffered loss of control over several of its systems and databases, as well as information theft from the ATV (Virtual Tax Administration) and Customs TICA System platforms,” according to, a news site run by the Costa Rican journalist Amelia Rueda Ahumada.

“Everything has caused a collapse in some business areas, such as export and import sectors,” the news site said.

A $10 million ransom was demanded by the Russian-language Conti ransomware group. To date, the Costa Rican government has refused to pay the ransom.

As of May 9, Conti's data leak site shows that the group had exposed 97% of the 672 GB data dump allegedly containing information stolen from government agencies, according to Bleeping Computer.

The Conti gang variant claiming responsibility for the attack identified itself as "UNC1756," Bleeping Computer said, and has threatened to conduct future attacks of "a more serious form,” according to the report.

U.S.: offense as defense

The U.S. is not standing idly by. The State Department, in response to the Costa Rica attack,  announced that it is offering a reward of up to $10 million for information leading to the identification and/or location of “any individuals who hold a key leadership position in the Conti ransomware… organized crime group.”  And an additional reward of up to $5 million for information leading to the arrest and/or conviction of the individuals participate in a “Conti variant ransomware incident.”

The state department made this statement about the Conti group:

The Conti ransomware group has been responsible for hundreds of ransomware incidents over the past two years.  The FBI estimates that as of January 2022, there had been over 1,000 victims of attacks associated with Conti ransomware with victim payouts exceeding $150,000,000, making the Conti Ransomware variant the costliest strain of ransomware ever documented.”

Conti is a Ransomware-as-a-Service (RaaS) known for malware including Ryuk and TrickBot.

The FBI warned about attacks in May 2021 when Conti operators tried to breach over a dozen US healthcare organizations.

U.S. on tenterhooks

In March President Biden warned about signs of possible Russian cyberattacks in retaliation to sanctions imposed after it invaded Ukraine, saying “evolving intelligence that the Russian government is exploring options for potential cyberattack” and for the U.S. private sector to “harden your cyber defense immediately.”

CISA (Cybersecurity and Infrastructure Security Agency) has given similar warnings. CISA’s most widely-publicized warning, “Shields Up,” was issued in February.

The ransomware attack on Colonial Pipeline, which snarled the supply of fuel on the East Coast in May of last year, is still fresh in the mind of the Biden administration.

Related Posts


Like this blog? We think you will love this.
Featured Blog

How DoS/DDoS Attacks Impact Machine Identity, Digital Certificates

For safe and secure utilization of machine identities such as SSL/TLS cer

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more