top of page

Belgium City of Antwerp Under Ransomware Attack

The ransomware group Play announced an attack on the city of Antwerp on its darkweb page (threat analyst’s link below) on Sunday. Play claims to hold 557GB of city data, including passports and identity cards. The ransomware group threatens to publish the information on Monday, December 19.

A city spokesperson told De Standaard (link below) that ransomware was found on several systems. 'The software in which we keep track of who should receive which medication no longer works due to the attack,' said Johan De Muynck, general manager of Zorgbedrijf Antwerpen. ‘We expect the issues to be resolved this evening or tonight. Nothing else happened to us. Since last night we have been systematically disconnecting things to subject them to a stress test to see if there are any shortcomings.’ Antwerp authorities have not yet confirmed the identity of the attackers.

Carol Volk, BullWall executive shared her insights on the situation:

“This attack on Antwerp isn’t the Play ransomware gang’s first assault on a major governmental entity. As larger enterprises and intellectual property-centric organizations further tighten their defenses, we can expect threat actors to shift their attention towards governmental prey. City and state governments are seen as having the means to readily pay ransoms, they provide crucial services that must not suffer interruption – in Antwerp’s case, even life-essential prescription data has been locked, and also in some regions, many cities and states are less protected than their Federal counterparts. To protect their citizens, every city government needs to review their policies and security stacks, and deploy tools that can prevent file encryption and corruption, as well as those that can identify mass data transfers. Protection against profit-motivated actors, as well as nation-state threat actors with even more malicious motives, should be considered a highest level priority in 2023.”



bottom of page