RECOPE, Costa Rica’s State-Owned Energy Provider, Grapples with Ransomware Attack and Fuel Supply Disruption
Refinadora Costarricense de Petróleo (RECOPE), the state-owned entity responsible for Costa Rica’s fuel supply chain, has been targeted by a ransomware attack, impacting operations and raising concerns about potential fuel shortages. The incident, detected on November 27th, has forced the company to implement manual processes, affecting digital payment systems and hindering fuel distribution.
RECOPE, which manages the importation, refining, and distribution of fossil fuels across the nation, including critical pipelines connecting the Caribbean and Pacific coasts, confirmed the attack and is actively working with the Ministry of Science, Innovation, Technology, and Telecommunications (MICITT) to investigate the breach and restore systems.
The attack has resulted in operational challenges, particularly at tanker fuel terminals, where manual transactions have replaced digital systems. Despite these hurdles, RECOPE has affirmed that fuel reserves remain adequate to meet national demand. However, public apprehension about potential shortages has triggered a surge in fuel sales, prompting the company to extend operational hours, including weekend operations, to mitigate disruption.
By November 29th, with the assistance of cybersecurity experts from the United States, RECOPE initiated partial restoration of its systems. Manual processes remain in effect as the company prioritizes ensuring the complete security of its infrastructure before full digital operations resume.
This incident follows a concerning trend of cyberattacks targeting critical infrastructure in Costa Rica. In 2023, the Conti ransomware group launched a devastating attack that crippled essential services, including the national tax system, transportation ministry, and customs services. This prompted President Rodrigo Chaves to declare a state of emergency and the United States to allocate $25 million in aid to bolster the nation’s cybersecurity defenses.
While MICITT has refuted rumors of additional attacks on national institutions, the RECOPE incident underscores the persistent vulnerability of critical infrastructure to cyber threats. The Ministry has confirmed its active involvement in supporting RECOPE’s recovery efforts.
