Financial Crime World

Conti Ransomware Gang Hacks Peru’s National Intelligence Agency, Threatens to Release Stolen Data

A ransomware gang that has threatened to release sensitive data from Costa Rica’s government has now targeted Peru’s intelligence agency, highlighting the vulnerability of governments in the region to cyber attacks.

The Attack

On April 27, the Russia-based Conti group announced it had hacked the website of Peru’s National Directorate of Intelligence, according to local media outlet La República. The group demanded a ransom payment and threatened to release stolen data if its demands were not met.

Conti’s Demands

Just two days later, Conti renewed its pressure on Costa Rica’s government, warning that it would publish 46 gigabytes of stolen information from the country’s finance and labor ministries, as well as other government agencies, unless a $10 million ransom was paid. Costa Rica has refused to pay.

Who is Conti?

Conti, considered the largest ransomware gang in the world, specializes in “big game hunting,” selecting high-value targets for greater payouts and notoriety. The group pulled off over 500 ransomware attacks in 2021 alone.

Latin America’s Cybersecurity Challenges

The escalation of cyber attacks on Latin American governments has become increasingly apparent in recent years. Costa Rica and Peru are just the latest targets in a region where institutions lack the resources or capabilities to defend their critical digital infrastructure.

  • Lack of technical expertise
  • Inadequate cybercrime legislation

Recent Attacks

In 2021, Brazil’s Ministry of Health was hacked by the cybercrime gang Lapsus$; the affected platforms included those tracking COVID-19 vaccinations. Brazil has also suffered 13 separate cyberattacks on its court system in the past 18 months.

  • October: Information on Argentina’s entire population was allegedly stolen after the country’s National Registry of Persons was infiltrated.
  • Chile’s customs agency was similarly targeted by the ransomware group Prometheus.

Expert Insights

Cybersecurity expert Steph Shample explained that Conti is extremely well-organized and careful in selecting targets from which to steal sensitive data. The group uses malware like Trickbot and Emotet for initial access to an organization, and defending against such attacks is complicated by human error.

  • “It only takes one vulnerability and then everything is out there,” Shample said. “They’ll get additional credentials. They can read private emails, and read private chats in any company.”

In the Peru attack, Conti’s message specifically noted that there was no data encryption on the network, highlighting the ease with which the group was able to infiltrate the agency.

Conclusion

Latin America has seen an explosion of ransomware attacks in recent years. In the face of these threats, governments must prioritize investing in cybersecurity measures and developing robust national strategies to protect against them.