President describes a Costa Rica armed for cyberdefense

Costa Rican President Rodrigo Chaves said on Wednesday that his country has recovered from a wave of ransomware attacks it suffered last year with stronger cyberdefenses than ever.

Recounting the onslaught from a now-defunct group known as Conti, Chaves described a devastating impact on Costa Rica, which did not pay ransoms. Conti had demanded $20 million, leading the recently elected Chaves to declare a state of emergency in response to the overnight paralysis of critical government services.

As recently as January, Costa Rica’s Ministry of Public Works and Transport (MOPT) was attacked and said that 12 of its servers were encrypted.

“We were attacked, affecting the backbone of the functioning of the state,” Chaves said during an interview with Nathaniel Fick, the U.S. ambassador-at-large for cybersecurity and digital policy, at the Center for Strategic and International Studies in Washington.

“Our tax system, our customs system, electricity, even meteorological services … our Ministry of Transport, our social security, our health system attacked — so it was ugly,” Chaves said.

In March, the State Department announced plans to provide $25 million to bolster Costa Rica’s cyberdefenses against threats from ransomware and other hacks. The bulk of the money will underwrite and outfit a new and centralized security operations center to monitor, prevent, detect, investigate and respond to cyberthreats.

Chaves’ remarks highlighted his country’s role as a leading democracy in Latin America and as a longtime U.S. partner.

“Costa Rica is a great house in a neighborhood that has some complications,” he told Fick.

Chaves suggested that the Russia-based Conti may have targeted Costa Rica for the historic and massive attack in part because he was the first Latin American head of state or president elect to call Russia's invasion of Ukraine “criminal.”

“We realized this was coming from Russia,” he said of the ransomware campaign. “Coincidence? Certainly, possible — probably from a group named Conti.”

Chaves said the attacks served as a wake-up call after “decades of negligence.”

Costa Rica has quickly embraced cybersecurity initiatives. It is one of at least 39 countries to participate in the Biden administration’s Counter-Ransomware Initiative, which was designed to bolster law enforcement and diplomatic cooperation against the exploitation of virtual currency to launder ransom payments, among other things.

The Chaves interview also touched on the extensive investments Costa Rica has made in security for 5G networks.

“We're looking at American companies, European companies and telling them you’re secure in this country,” he said. “Your connectivity with headquarters with your plants is going to be fast, reliable, affordable, and, above all, safe.”