US State Department announces $10 million bounty after Costa Rica ransomware attack

Photo by Amelia Holowaty Krales / The Verge

The US government issued a notice last week stating a bounty of up to millions of dollars on people involved in the Costa Rican attack. According to CyberScoop, Costa Rica's recently sworn-in president declared a national emergency due to the attack.

Costa Rica's ministries of finance and Labor and Social Security, as well as the country's Social Development and Family Allowances Fund, were affected by the attack. The attack on the country's treasury began on April 18th, according to the report. According to CyberScoop, the hackers have taken down some of the government's systems, but they're also leaking data, which has made its way onto the site.

The US State Department says the attack severely impacted the country's foreign trade by disrupting its customs and taxes platforms, and offers up to $10 million for information leading to the identification and/or location. $5 million is offered by the US government for information that leads to the arrest and conviction of any individual in any country that participates in or attempts to participate in a Conti-based ransomware attack.

The US offered similar bounties on REvil and DarkSide last year. The US is thought to have hacked the group's server, and the Russian government claimed to have arrested several members.

Related

Winning the war on ransomware

The Costa Rican government is not the only one that has fallen victim to the software. The group is notorious for targeting hospitals and research centers.

The chat logs of the gang were leaked after it declared that it supported Russia's government after the invasion of Ukraine. According to CNBC, the group behind the ransomware was having organizational issues, people weren't getting paid, and there were arrests happening. The actual software was used by affiliates or other entities who used it to carry out their own attacks.

In Costa Rica, the attacker claims to be one of these affiliates and says that they aren't part of a larger team or government, according to a message posted by CyberScoop. They threatened to carry out more serious attacks on Costa Rica.