Cyberattacks by the Conti group have increased to more than 1,000 internationally in recent months, according to a report by the US Cybersecurity and Infrastructure Security Agency (CISA) published last February. Although the US body did not detail specific threats, it recommended that administrators of public and private networks take preventive measures.

“In typical attacks of the Conti ransomware (extortion program), cybercriminals steal files and documents from servers, and then demand a ransom payment,” said a CISA statement.

The notice issued by the American organization is not the first. As early as May 2021, the Federal Bureau of Investigation (FBI) issued an alert on attacks in the United States (USA) by the cybercriminal group targeting medical care and first aid networks, emergency medical services, 911 dispatch centers and municipalities.

“Like most variants of ransomware, Conti typically steals victims’ files and encrypts the servers and computers of the targeted sites as a means of forcing a ransom payment (…) If the ransom is not paid, the stolen data is sold or posted on a site controlled by Conti,” explains the report prepared by the Cyber Division of the FBI.

The information obtained by the US investigation bureau reveals that the demand for money has reached up to $25 million.

In the case of the Costa Rican attack, the Conti group disclosed this Sunday, April 17, an alleged action through which it would have obtained a terabyte (1,000 gigabytes of storage) of information from the databases of the Virtual Tax Administration (ATV) of the Ministry of Finance, and it threatens to make it public on April 23 unless a payment is made.

As early as last year, the Computer Security Incident Response Center (CSIRT-CR) of the Ministry of Science, Innovation, Technology and Telecommunications (Micitt) released a technical alert about the malicious actions of the Conti group.

“In September 2021 and on March 15 of this year, as part of the constant monitoring we carry out and the communication that the CSIRT-CR has with all State institutions, we sent alerts about this computer threat,” said Jorge Mora, director of Digital Governance.

Mario Robles, founder of the security company WhiteJaguars CyberSecurity, commented that Conti’s cybercriminals are well known in the US, where there is talk of their ties to Russia.

“The fact that they have passed through Costa Rica is not a surprise. All these alleged attacks carried out by them are disclosed on pages on the deep web,” Robles explained.

The specialist added that Conti uses different techniques to get the victim to download software onto the organization’s systems, which is later used to extract the information used for extortion.

“Let’s imagine that a criminal group writes an email that makes itself look quite convincing, like from a bank saying that they will close your account if you don’t do X, Y or Z, such as clicking in such a place. If the person agrees, they download software, and if that person works for an organization and is doing it from the organization’s computer, they can potentially be dropping malware that basically starts doing things like checking the computer, trying to get information,” Robles exemplified.

In its Internet Crime Report 2021, the FBI attributed 87 incidents to this criminal group last year in the North American country alone.