Brazil sticks with Microsoft despite WannaCry scare

Friday, May 19, 2017

The Brazilian government is committed to major purchases of Microsoft software licenses despite the WannaCry ransomware attack.

A wave of ransomware attacks that began on May 12 infected users in as many as 74 countries worldwide and hit companies including Spain's Telefónica.

Start your 15 day free trial now!


Already a subscriber? Please, login

The attack was linked to vulnerabilities in Microsoft's Windows operating systems. A patch for the vulnerability was released by Microsoft on March 14, but many systems did not install the update.

In reply to questions from BNamericas, the Brazilian government said that there are no plans to change course on the purchases of Microsoft products.

"It's important to clarify that this process is being carried out by the planning ministry to organize a joint purchase for the update of existing licenses and for their expansion in the public administration, gaining scale and reducing government spending," the planning, budget and management ministry said in a statement.

The IT department of the ministry is responsible for organizing the joint purchases.

The ministry argues that the acquisition is necessary to "standardize technology software applications used by the federal public administration." It also claims that the collective purchase for different agencies will allow better pricing and technical terms.

With respect to eventual measures being adopted to reinforce the security of the systems and equipment, the ministry responded that it follows recommendations from the institutional security department, GSI, a body linked to the presidency.

On the day of the ransomware attack, GSI, which is responsible for monitoring military affairs, national security and potential risk to institutional stability, issued guidelines to federal public administration bodies.

Among the measures suggested, GSI recommended that users to keep systems up-to-date and "isolate" any infected machines from the network. It also ran internal awareness campaigns, warning users not to click on any links or download files from e-mail addresses that were suspicious or not recognized.

The department said the attack led to "sporadic incidents" in computers at the national social security institute, but said there was no major damages or theft of data from the public administration.

The ransomware attack is thought to have infected an estimated 200mn devices around the world. According to Kaspersky regional research director Dmitry Bestuzhev, in Latin America Mexico had suffered most, followed by Brazil, Ecuador, Colombia and Chile.