In Portugal, “there was only one complaint” about WannaCry

  • ECO News
  • 27 June 2017

Rogério Bravo, chief inspector in the cybercrime unit of the Portuguese Criminal Police, said at ECO's Conference that there was only one complaint about the WannaCry virus.

There was only one formal complaint in Portugal about the ransomware attack on May 12, known as WannaCry, which hijacked data from thousands of computer systems worldwide. The statement was made by Rogério Bravo, head of cybercrime prevention at the Portuguese Criminal Police, at ECO’s Cybersecurity Conference. He added that the complaint was made by a public entity from the Justice ministry.

Rogério Bravo believes companies and private individuals did not file more complaints in an attempt to “protect their image”, adding that they just shut down their systems during the attack. Rogério Bravo states: “Was the attack intense? Yes. Was it aimed at a specific sector? We don’t know, but it seems like it was”.

On the perpetrators of these attacks, especially those who used vulnerabilities discovered by State entities, as is thought to be the case with WannaCry, the inspector concluded: “these structures are criminal companies. I am terribly afraid this will go unnoticed, but these state weapons have been progressively passed on to the public domain and have also been used in organized crime”.

PT: “A dogma fell on May 12”

José Alegria, CSO for PT Portugal, during ECO’s Cybersecurity Conference. Paula Nunes / ECO

José Alegria, chief security officer for PT Portugal, one of the companies which suffered an attack, stated the virus allegedly exploited a “powerful tool” made by the NSA, and that a “group with Russian connections attempted to sell that tool”. José Alegria said that, as a representative of PT, he did not believe they were an “NSA direct target”, adding that the attack on May 12 could have been much more serious than it was.

José Alegria stated Microsoft did not avoid the attack because “it is illegal for an entity like Microsoft to purchase those tools to perform reverse engineering”. The executive from PT added: “Allegedly, they say that the ransomware attack was Lazarus Group, which is connected to North Korea. The virus was spreading at great speed, 30 seconds. We fought it by sealing the network”.

He concluded by disclosing the lesson learned from the attack: “If your organization is Windows, your backups shouldn’t be”. Furthermore, he advised: “You will be attacked some day, so make sure you have backups for your data […] and make sure the patch is installed in no more than one week”.