The U.S. government will provide Costa Rica with $25 million in assistance to bolster its cybersecurity efforts, a senior administration official said Wednesday, nearly a year after the country suffered a series of devastating ransomware attacks at the hands of a Russian-linked cybercrime group.
The funding comes in response to a “direct request” from Costa Rican President Rodrigo Chaves to President Biden, the official told reporters Wednesday.
“It will support the government of Costa Rica’s work to secure its networks and defend its critical infrastructure,” the official said. “It really reflects the president’s broader efforts to help partners efforts to build secure, open and reliable digital infrastructure around the world.”
The funding commitment to Costa Rica comes a month after U.S. Ambassador to Albania Yuri Kim announced a $25 million grant there in direct response to a series of destructive Iranian cyberattacks targeting Albanian government and private networks last summer. Albania severed diplomatic ties with Iran after the attacks, and the U.S. government sanctioned the Iranian Ministry of Intelligence in response to the attacks.
The announcement of the Costa Rican cybersecurity assistance was announced as Biden opened the second Summit for Democracy along with the leaders of Costa Rica, the Netherlands, the Republic of Korea, the Republic of Zambia and others. Costa Rica has also applied to join the Counter Ransomware Initiative announced late last year, the official said.
One of Chaves’ first official acts after being sworn into office May 8, 2022, was to declare a national emergency as a result of the Conti ransomware attack that struck multiple government agencies April 17, pilfering the government there of more than 672 gigabytes of information. Two days prior, on May 6, the U.S. State Department announced a reward of $10 million for information leading to the identification or location of anybody who held a leadership role with Conti. An additional $5 million reward from the U.S. government was available for any information leading to the arrest and or conviction of anybody involved with or attempting to participate in a Conti ransomware attack.
Conti’s attack on Costa Rica hobbled critical services in the country, including tax collection systems and medical appointments. A second attack, later in May, linked to HIVE, hit the country. Brett Callow, a threat analyst with Emsisoft, described the situation as “possibly the most significant ransomware incident to date,” in comments to Wired at the time.
In the days after the Russian invasion of Ukraine, Conti posted a message declaring support of the Russian government. The public support ultimately fractured the organization, causing massive leak of Conti internal files and messages. That material showed possible connections between some members of Conti leadership and elements of the Russian government.
The “significance” of the attacks that Costa Rica suffered bolstered the case for U.S. funding, the official said Wednesday. Chaves believes his country’s support for Ukraine “may have been a factor” in the scale of the attacks, the official said, underscoring the geopolitical implications of high-level cybercrime.
“Clearly, in the current context, we recognize that supporting our allies’ and partners’ security is important in the context of the work we’re doing supporting our European allies and partners from Russian cyberattacks, in the context of our broader competition with China and the key space Latin America plays in that as well,” the official said Wednesday.