White House

US commits $25 million to Costa Rica for Conti ransomware recovery

The U.S. government is sending $25 million to the government of Costa Rica to help the country recover from a devastating ransomware attack last year that crippled several key agencies.

In May 2022, Costa Rica’s newly elected president Rodrigo Chaves declared a state of emergency after the now-defunct Conti ransomware group severely damaged the Ministry of Finance, the Ministry of Public Works and Transport and the Costa Rican Social Security Fund. The gang posted messages openly calling for the overthrow of the government before demanding a $20 million ransom.

On Wednesday, a senior White House official said that using funding from the State Department, the U.S. government would be committing $25 million to Costa Rica’s cybersecurity efforts after a direct request from Chaves. The funding will be used to secure the country’s networks and defend its critical infrastructure.

“Last spring, Costa Rica experienced some of the worst ransomware attacks that any country had experienced, which really impacted the country's critical services. It disrupted their finance, telecommunications and social security institutions and resulted in President Chaves declaring a state of emergency,” the official told reporters Wednesday. “At the time, we immediately deployed a team of U.S. experts to assist in Costa Rica’s recovery and have been working closely with the country since then, and have recognized that further assistance is needed.”

The funding will go toward creating a centralized security operations center within the Ministry of Science, Innovation, Technology and Communications that will work to prevent, detect and respond to cyberattacks.

The center will also coordinate cybersecurity efforts across all of Costa Rica’s departments and agencies. Portions of the funding will support strategic and technical planning, cybersecurity training and capacity building as well as hardware, software, licenses and tools.

Biden administration officials plan to meet with Chaves in the coming weeks to discuss the grant and broader measures to secure digital infrastructure.

When asked why Costa Rica was being prioritized over the many other governments hit with ransomware in recent months, the official mentioned repeatedly that the move was part of the larger effort to support Ukraine in its war with Russia. The Conti ransomware group drew headlines for openly supporting Russia after it invaded Ukraine – a decision that caused dissension within the group and eventually contributed to its downfall.

“President Chaves and the government believe that their strong support for Ukraine and the strong statements may have been a factor in the significant ransomware attacks,” the official said. “We recognize that supporting our allies’ and partners’ security is important in the context of the work we're doing to support our European allies and partners against Russian cyberattacks.”

Costa Rican president Rodrigo Chaves

The $25 million would also “make such a significant difference in terms of the security operation center, helping them get facts on the ground, helping them build up the capacity to then manage it from this point on their own,” the official added.

This is not the first cybersecurity grant given to a country in need. The White House official noted that $25 million was also given to Albania in February after it faced its own ransomware attack last year – an incident allegedly caused by the Iranian government.

The official noted that both Albania and Costa Rica were first helped by a team of ransomware experts within the FBI – which they called the “U.S.’ core expert incident response team.”

They also referenced the fact that the Cyber National Mission Force (CNMF) deployed a team of two dozen personnel to Albania on a “hunt forward” operation following a second hack, which took place in September.

Counter ransomware initiative

Costa Rica has also applied to join the Counter Ransomware Initiative which the U.S. started with 36 other countries in 2021.

The White House official called the initiative a “cornerstone” of the Biden administration’s cybersecurity agenda and a pathway for more cyber-mature countries to “lift up so many allies and partners.”

They noted that the cybersecurity efforts were key to U.S. support for democracies that now need better tools to hold secure elections, calling their work “foundational to democracy” and important in upholding “responsible cyber norms that hold malicious actors accountable.”

One important part of the initiative discussed during the group’s October meeting was the need to expand and add more countries, particularly ones in the “global South” that needed assistance. The White House official said dozens of cyber-poor countries are facing waves of ransomware attacks and more general cybercrime, prompting the initiative’s members to lend a helping hand.

“We thought that we could be helpful and we intentionally added a co-lead to the diplomacy panel – which is now led by Nigeria and Germany – because we want to bring in that Global South,” the official said.

“So there's been outreach since October 2022 to the countries we felt could really benefit from membership. And that has resulted in the Costa Rican application.”

The National Security Council, White House and State Department did not respond to requests for comment about what other countries have applied to join the initiative. The official explained that once a country applies to join, other countries can object. If there are no objections, the country is inaugurated into the initiative.

When asked whether other countries were contributing funding, the official would not specify but explained that several NATO members and countries across Asia were contributing money as well as expertise to broad cybersecurity efforts.

“There are countries there that truly are very much in need of help. So our goal there was to say, money is one thing, expertise is very much needed as well, and to have a set of NATO countries who can commit specific capabilities,” they said, adding that more of the initiatives will be revealed at a summit in the Lithuanian capital of Vilnius this summer.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.