Hugo Miranda, LASIGE integrated member, was invited to write an opinion piece in the newspaper SAPO.pt on 7 November, about the ransomware that hit the Agency for Administrative Modernisation (AMA-Agência para a Modernização Administrativa) on 10 October 2024.

Ransomware is a type of malware that holds a victim’s sensitive data or device hostage, threatening to keep it locked—or worse—unless the victim pays a ransom to the attacker.

Hugo Miranda expressed that “We may never know who carried out the attack and a criminal association with financial objectives is just one of the possibilities” and pointed out that the fact that the data (e.g.
identification documents, mobile phones, PINs or by-products of this data) has not been exposed by the attacker to date does not guarantee that it will not be exposed in the future. In the worst-case scenario,
which is very unlikely to occur, there could be documents allegedly signed by the citizen but generated by the attacker.

An important shortcoming in the AMA’s communication has been that it has not, as of the date of writing this article, publicly guaranteed that this type of incident will not be possible.

“We can take for granted that an attack like this will happen again. Be it on the AMA or other critical infrastructures, for financial, political or futile reasons. And the quality of the response to future attacks will depend on the permanent updating of the technological infrastructure and the specialization, availability and commitment of human resources.”

You can read the opinion article (in Portuguese) here.