In November 2024, the largest oil refining plant of Costa Rica became the goal of a large-scale cyber attack, which was called the first real test of the new operational program of the US rapid response called Falcon. The initiative of the State Department is aimed at helping the Allies and strengthening global digital norms.
FALCON program (Foreign Assistance Leverabed for Cybersecurity Operational Needs) uses the capabilities of private companies to eliminate the consequences of incidents . In the case of an attack on Recope, American experts arrived in Costa Rica less than a day after receiving a request for help.
Recope, which is importing, processing and distributing fuel across the country, faced the threat from the Ransomhub hacker group, which required $ 5 million to unlock servers. The attackers entered the system through a phisho letter and were on the Web for several months. Costa Rica, adhering to a strict policy of refusing to pay ransom, did not make concessions.
The situation caused interruptions in the operation of the refinery, which led to delays in the distribution of fuel. The team from the USA, including representatives of the State Department and two private companies, helped to remove malicious software from the system, restore data from backups and strengthen the protection of systems from new attacks.
The operation cost the United States $ 500 thousand, which amounted to only a small part of the program of the program of $ 10 million. Despite the short-term nature of the mission, cooperation lasted online until mid-December.
Costa Rica was already faced with a large-scale cyber attack in 2023, when the CONTI group paralyzed the tax system, the Ministry of Transport, customs services, energy and other key structures. Then President Rodrigo Chavez announced a state of emergency, and the United States sent the country $ 25 million to strengthen cybersecurity.