Costa Rica vs. Conti
A ransomware crew encrypted the Costa Rican treasury and then escalated. The president declared a national state of emergency in response.
In April 2022, the Conti ransomware crew breached the network of the Costa Rican Ministry of Finance and began encrypting systems. Tax filing, customs processing, and government payroll all went down. Within weeks the group had also hit the Ministry of Science and Technology, the Ministry of Labor, several public hospitals, and the Costa Rican Social Security Fund.
A national emergency
President Rodrigo Chaves, days into his term, declared a national state of emergency over the cyberattack — the first time a country had formally elevated a ransomware incident to that legal status. The government refused to pay the demanded ransom, which Conti had progressively raised from ten million to twenty million dollars.
The crew's leak site posted Costa Rican government files in batches over the following weeks and issued an extraordinary written statement urging Costa Ricans to overthrow their own government over the lost data. The posts were widely read as theatrical cover for what looked like the group's final operations under the Conti brand.
A self-detonation
Costa Rica turned out to be Conti's loudest exit. Even as the campaign against San José unfolded, the gang was internally fragmenting under the weight of the ContiLeaks disclosures, US Treasury sanctions, and the March 2022 controversy over its pro-Russian posture. Within months the brand was retired and its members reorganized under successor monikers.
What the chronicle remembers
Costa Rica was the case that established ransomware against a national government as a real-world possibility rather than a thought experiment. The legal and constitutional improvisations the country made — emergency powers for what was, technically, an IT incident — are now studied by other governments planning for the same eventuality.