Costa Rica’s state-owned oil company, RECOPE, suffered a ransomware attack on November 27, disrupting its digital operations and forcing a shift to manual procedures to maintain uninterrupted fuel distribution.
This attack is the second major cyber incident targeting a government institution in the past month, following a similar assault on the General Directorate of Migration (DGME).
Impact on Fuel Supply
Despite the disruption, RECOPE assured citizens that the fuel supply remains unaffected, thanks to sufficient inventories. Manual operations, including extended working hours, have been implemented to meet demand, especially after a surge in fuel sales driven by public concerns.
The ransomware temporarily disabled RECOPE’s digital payment systems, which are often compromised via phishing emails or malicious downloads.
Efforts to Restore Systems
RECOPE is working with Costa Rica’s Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) and U.S. cybersecurity experts to restore the affected systems while ensuring safe operations. However, no timeline for full recovery has been provided.
In comparison, the DGME attack earlier in November caused significant disruptions to online services, though essential operations like border control and passport issuance continued without interruption.
Escalating Cyber Threats in Costa Rica
These incidents highlight the increasing threat to Costa Rica’s public institutions and their digital infrastructure.
- 2022 Conti Gang Attack: A notorious attack by the Conti gang paralyzed several government services and prompted Costa Rica to declare a state of emergency.
- U.S. Aid: The U.S. provided USD 25 million to help strengthen Costa Rica’s cybersecurity.
Despite these efforts, the recent breaches expose persistent vulnerabilities in the nation’s rapidly digitizing but under-secured systems.
Global Implications
Experts warn that attacks on Costa Rican institutions could serve as testing grounds for cybercriminals, helping refine tactics for larger assaults on critical infrastructure in nations like the United States.
Ransomware has evolved from a nuisance to a sophisticated criminal enterprise, often leveraging zero-day exploits and ransomware-as-a-service platforms.
International Response
Globally, governments are intensifying efforts to combat ransomware. The U.S. has established an international counter-ransomware task force, and there is a growing push to classify ransomware attacks as national security threats.
These measures aim to curb the escalating threat and protect critical infrastructure from increasingly sophisticated cyberattacks.