A group of cyber criminals attacking along with ransomware has two Latin American governments on the ropes. On the one hand, in Costa Rica, where newly elected president Rodrigo Chaves signed a decree in which he declared national cybersecurity emergency then suffer a computer attack. And on the other hand, Peru, where the situation is extremely critical.

Chaves, in Costa Rica, took action against attacks received by several government institutions in April. On April 20, Russian cybercriminal group Conti reported on its dark web blog that it had hacked 800 servers of the Costa Rican Ministry of Finance, demanding payment of 10 million dollars to restore files from encryption. They claimed there was 1TB of stolen information.

The Government of Costa Rica acknowledged the situation and confirmed that the incident affected the Ministry of Finance to a greater extent, but also other entities such as the Administrative Board of the Electricity Service of the province of Cartago (Jasec); the Ministry of Science, Innovation, Technology and Telecommunications; the Ministry of Labor and Social Security; as well as the National Meteorological Institute (IMN), Radiographic Costarricense (Racsa) and the Costa Rican Social Security Fund (CCSS).

The Chaves government refused to start a dialogue with the group, so there were no official negotiations. Even the U.S. government intervened in the situation: it was reported on Friday that it was offering a reward of up to $ 15 million for information leading to the identity of Conti members.

In Peru, the situation is more complicated. The gang of cybercriminals climbed their site on dark web a note where you make sure you have access to critical infrastructure, including the water and electricity network.

“All downloaded documents are classified as confidential. We work only for money, we are not pursuing other goals”, Says the note, according to cybersecurity experts.

What is ransomware and how does it work?

Ransomware has claimed many victims in recent years. His name is an acronym for “data rescue program”: ransom in English means ransom, and ware is an abbreviation of the well -known word software: a data hijacking program. Ransomware is a subtype of malware, an acronym for “malicious software.”

Today, this type of program acts by restricting access to parts of our personal information, or all of it. And in general, the attackers they take advantage of it to ask for a replacement: money.

While some simple ransomware can lock the system in simple ways, the most advanced ransomware uses a technique called “cryptoviral” extortion, in which the victim’s files are encrypted, making it completely that they are inaccessible.

Ransomware attacks are usually more targeted than malware: cybercriminals target computer systems certainly which belongs to corporate businesses and this has to do with the fact that they are more “juicy” victims to take money from them.

A WhatsApp URL from an unknown contact. Worse: a URL from a known contact: Ransomware has many ways to get there, and the most common in history has been associated with programs we installed ourselves.

As for Conti, the cybercriminals

Conti is, along with REvil (disbanded at the beginning of the year), one of the largest ransomware gangs in the world. This type of malicious program encrypts information to demand ransom in return.

During Russia’s invasion of Ukraine, an internal conflict broke out with this group and an anti-Russian member even published internal chats of the organization announcing their dealings and even bribes to journalists.

In addition, they published “decrypter”, That is, a program to recover stolen data, which they usually provide when they pay a ransom.

A few weeks ago they attacked again, even though it was thought that the gang had been broken by internal fights.

to his victims largest universities are located in the world, panasonicthe Central Bank of Tunisia and be medical health services.

Peru and Costa Rica are two of its most notorious victims.