Latin Analysis: Costa Rica At War With Cyber criminals

“We have shared history, values, and people” declared US Secretary of State during a press conference with Costa Rican president Rodrigo Chaves at the beginning of February, as part of Marco Rubio’s official visit to Central America. Such friendly words were accompanied by equally benevolent actions from Washington, with Rubio announcing a USAID waiver for Costa Rica just two weeks after Trump’s administration put a 90-day freeze on such funding. He also vowed US support in telecommunications infrastructure, narcotrafficking, and especially on cyber security defenses. With Washington becoming increasingly hostile in its attitude towards international relations and aid provision, many may have been surprised by Rubio’s show of support to this Central American state, and such great concern within Washington over Costa Rican cyber-attacks. However, concerns over cybercrime have characterized recent Costa Rican domestic and international politics.

Costa Rica’s Recent History of Cyberattacks:

Supposedly facing “more than 100 million cyberattacks annually”, Costa Rica has suffered an inordinate amount of cyberattacks over the last few years, often targeting governmental agencies and departments. In 2022, it experienced “one of the worst cyberattacks in recent history”, with recently elected President Chaves having to declare a state of emergency. The new president announced that the country was “at war” with cyber criminals. This first attack occurred in April 2022, targeting 27 different government bodies including the Ministry of Finance, where it is estimated that around 800 servers and several terabytes of information were affected. Governmental processes were paralyzed, which had a significant impact on trade. Estimated losses from import and export businesses as a result of these attacks were around $38 million and $125 million a day.

At the end of May 2022, the next attack was launched, this time targeting Costa Rica’s Social Security Fund and healthcare system. This affected around 10,400 computers and around half of servers, bringing important services to a standstill. Around 35,000 medical appointments had to be cancelled in the first week alone, accounting for 7 per cent of all appointments in the country that week.

Infamous hacker group Conti claimed responsibility for these attacks and subsequent ransom demands. Despite the organization having a history of coordinating attacks on healthcare organizations, their work in Costa Rica seemed distinctive. On this occasion, Russia-linked Conti did not only carry out the cyberattack but accompanied it with a call to overthrow the Costa Rican government, announcing that this had alwyas been their intention. Thus, this instance of cyberwarfare has been classified as  “a geo-politically motivated one, at least in part”. This threatened a new era of so-called ransomware, in which certain bodies or companies are more likely to be targeted for political reasons rather than for the data they possess.

Costa Rica has since suffered more cyberattacks. In January 2023, cyber criminals used ransomware to “encrypt 12 servers at Costa Rica’s Ministry of Public Works, knocking all its servers offline”.  Then, state-owned energy provider Refinadora Costarricense de Petróleo (RECOPE)- responsible for handling and distributing fossil fuels as well as managing pipelines- fell victim to a ransomware attack during Thanksgiving 2024. Following the attack, the company had to “shift to manual operations and call in help from abroad”, significantly impacting Costa Rican energy. Additionally, it is suspected that Chinese criminal hacker groups targeted Costa Rica’s telecommunications and technology system at the end of last year, a threat supposedly uncovered by collaborating Costa Rican and US officials. However, the Chinese Embassy in Costa Rica has vehemently denied this.

Why does this happen?

Exporting “over $3.3 billion in technology information and communication across the globe” with a reputation for processing some of the world’s best technological education and knowledge, Costa Rica is one of Latin America’s most technologically advanced nations. However, this phenomenon is fairly new in Costa Rica compared to the innovation giants of the European Union and the United States, who have been able to develop strong defenses against ransomware and cybercrimes over the last few decades. Thus, despite the success of Costa Rica’s ‘digitalization’, the country is seen as more vulnerable by nefarious groups such as Conti. This makes it a prime hacking spot, as coordination and response strategies are slower than those of nations like Germany.  A 2019 survey exposed 250 vulnerabilities within Costa Rican servers and computer systems and highlighted the lack of a contingency plan. The suggestions were not implemented, and the result has been catastrophic for the country.  

What has been done to combat this?

One of the main decisions taken by the current government to combat cyberattacks in Costa Rica was in August 2023, when Rodrigo Chaves issued a decree relating to regulation of 5G mobile infrastructure. This “banned companies based in countries that have not signed the Budapest Cybercrime Convention from participating as 5G providers” on the Costa Rican network. This excluded Huawei- the Chinese state-owned telecom company- which increased tension between Beijing and San José despite the two countries having been allies since the early 2000s, and China increasing its influence within Costa Rica over recent years.

Additionally, in October 2024, the Costa Rican government embarked on a new cooperation project with the support of the European Union, in the hopes of preventing and responding to future cyber-attacks. This initiative involved the creation of “a cyber intelligence laboratory, a forensic laboratory and a secure information exchange network for public institutions”.

A new National Cybersecurity Strategy was also set in motion in 2023, focused specifically on risk management and mitigation. There is hope that by following this plan, “[b]y 2027, Costa Rica’s digital ecosystem will be reliable and contribute to the global effort to secure cyberplace” and a leading example for robust cybersecurity in the region.

The Biden administration worked closely with the Costa Rican governments in their endeavors to prevent ransomware and destabilizing cyber-attacks. In May 2023, the US Embassy in Costa Rica promised a $25 million donation “to help strengthen its cybersecurity and digital infrastructure against threats from malicious actors”. Close cooperation between Washington and San Juan is set to continue in the Trump-era, if Rubio’s words are anything to go by. However, some more cynical onlookers may attribute the keenness of the current US administration to help Costa Rica to their hope that they will collaborate with them on their mass deportation program. If this is the case then they seem to have succeeded: on February 17, the Costa Rican government announced it would “receive migrants from other countries who were deported by the United States, following in the footsteps of Panama and Guatemala.”

The case of Conti in Costa Rica “highlights the importance of international collaboration” when faced with such threats, given how much Costa Rica has relied on their allies  to rebuild in the aftermath of these attacks. In the ever-changing world we currently find ourselves in, the tactics used for warfare or hostile activities are evolving.  These cybercrimes are taking on an increasingly geopolitical nature, and countries with less robust protections for their systems and software must be encouraged and supported to strengthen them. Otherwise, as seen in Costa Rica, the consequences can be widespread and hard to control.  

These incidents highlight the urgent need for global cooperation in combating cyber threats, as well as the importance of proactive investment in digital security. As cyber warfare evolves, Costa Rica’s experience serves as a cautionary tale for other nations facing similar challenges in an increasingly interconnected world.