Nearly a week into a ransomware attack that has crippled Costa Rican government computer systems, the country refuses to pay a ransom as it struggles to implement workarounds and braces itself as hackers begin publishing stolen information.
The Russian-speaking Conti gang claimed responsibility for the attack but the Costa Rican government has not confirmed its origin.
The finance ministry was the first to report problems on Monday.
A number of its systems have been affected from tax collection to importation and exportation processes through the customs agency.
Attacks on the social security agency's human resources system and on the labour ministry as well as others followed.
The initial attack forced the finance ministry to shut down for several hours the system responsible for the payment of a good part of the country's public employees, which also handles government pension payments.
It also has had to grant extensions for tax payments.
Conti had not published a specific ransom amount but Costa Rica President Carlos Alvarado said, "The Costa Rican state will not pay anything to these cybercriminals".
A figure of $US10 million ($A14 million) circulated on social media platforms but did not appear on Conti's site.
Costa Rican businesses fretted over confidential information provided to the government that could be published and used against them while average citizens worried that personal financial information could be used to clean out their bank accounts.
Christian Rucavado, executive director of Costa Rica's Exporters Chamber, said the attack on the customs agency had collapsed the country's import and export logistics.
He described a race against the clock for perishable items waiting in cold storage and said they still did not have an estimate for the economic losses.
Trade was still moving but much more slowly.
"Some borders have delays because they're doing the process manually," Rucavado said.
"We have asked the government for various actions like expanding hours so they can attend to exports and imports."
He said normally Costa Rica exports a daily average of $US38 million in products.
Allan Liska, an intelligence analyst with security firm Recorded Future, said that Conti was pursuing a double extortion: encrypting government files to freeze agencies' ability to function and posting stolen files to the group's extortion sites on the dark web if a ransom was not paid.
The first part can often be overcome if the systems have good backups but the second is trickier depending on the sensitivity of the stolen data, he said.
Conti typically rents out its ransomware infrastructure to "affiliates" who pay for the service.
The affiliate attacking Costa Rica could be anywhere in the world, Liska said.
Asked why Central America's most stable democracy, known for its tropical wildlife and beaches, would be a target of hackers, Liska said the motivation usually has more to do with weaknesses.
"They're looking for specific vulnerabilities," he said.
"So the most likely explanation is that Costa Rica had a number of vulnerabilities and one of the ransomware actors discovered these vulnerabilities and was able to exploit it."
Brett Callow, a ransomware analyst at Emsisoft, said he looked at one of the leaked files from the Costa Rican finance ministry and "there doesn't seem to be much doubt that the data is legit".
On Friday, Conti's extortion site indicated it had published 50 per cent of the stolen data.
It said it included more than 850 gigabytes of material from finance ministry and other institutions' databases.
"This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetising this data," it said.
Australian Associated Press
Sign up for our newsletter to stay up to date.