Costa Rica Ransomware Attack: RECOPE Faces Major Cyberattack
Last week, Refinadora Costarricense de Petróleo (RECOPE), Costa Rica’s state-owned energy company responsible for importing, refining, and distributing fossil fuels, fell victim to a devastating ransomware attack.
The incident, discovered Wednesday morning, immediately crippled the company’s digital systems, including those essential for payment processing. This energy ransomware attack forced RECOPE to shift to entirely manual operations, impacting fuel sales and distribution across the country.
The ransomware attack caused significant disruption, halting digital payment systems and forcing RECOPE to process fuel sales manually. Tanker terminals extended operations late into the night on Wednesday and throughout Thursday to compensate for the disruption. Despite the challenges, RECOPE repeatedly reassured the public via social media that fuel supplies remained sufficient to meet demand.
The Response to the Costa Rica Energy Ransomware Attack
RECOPE collaborated closely with the Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) to address the situation. The company actively monitored the flow of fuel tankers, extending cargo terminal operations as needed.
A statement from RECOPE confirmed the continued unloading of fuel at their docks, receiving shipments of premium gasoline, diesel, and aviation fuel. They emphasized their sufficient fuel inventories and their commitment to maintaining service, a commitment they’ve upheld for 61 years.
By Friday, the situation had escalated to require international assistance. Karla Montero, president of RECOPE, announced the arrival of cybersecurity experts from the U.S. on Thanksgiving.
These experts began working to gradually restore some systems, though Montero clarified that manual operations would continue until the complete safety of the processes was guaranteed. The increased public concern about fuel availability led to a surge in fuel sales over the weekend, prompting RECOPE to extend its operating hours to meet the demand.
MICITT also issued its own statement, supporting the recovery efforts and reiterating the uninterrupted supply of fuel. The ministry also actively countered circulating rumors of additional cyberattacks against other national institutions. This proactive communication was crucial in maintaining public confidence and preventing panic.
The Broader Context: Costa Rica’s Ongoing Struggle with Cyberattacks
This recent ransomware attack on RECOPE comes amidst a broader context of significant cyberattacks targeting Costa Rica’s government and critical infrastructure. The country previously faced a series of ransomware attacks that led President Rodrigo Chaves to declare a state of emergency.
The Conti ransomware gang was responsible for that previous wave of attacks, which crippled various government services, including the tax system, Ministry of Transport, customs system, electricity grid, meteorological services, and the health system.
The previous attacks prompted significant international support, with the United States providing $25 million to strengthen Costa Rica’s cyber defenses. Costa Rica also joined the Biden administration’s Counter-Ransomware Initiative. President Chaves himself described the previous attacks as targeting “the backbone of the functioning of the state.”
