article featured image


The city of Antwerp, Belgium, is working on restoring its digital services that were disrupted, earlier this week, by a cyberattack on its digital provider. The disruption in services has affected everything from schools, daycare centers, and the police.

There is not much public information available at this time, but all signs point to a ransomware attack from a threat actor that has yet to be identified.

Reporting on the matter, Het Laatste Nieuws explains that the hackers breached the servers and stole the administrative software from Antwerp’s digital partner, Digipolis. Furthermore, the publication notes that almost all Windows applications have been affected, while phone service for some departments was unavailable.

Alexandra d’Archambeau, a councilor member for the district of Wilrijk, also noted that the city’s email service was down, as well as the online political decision platform.

Another Belgian publication reports that it received confirmation that a ransomware attack was to blame, but the threat actor is yet to be determined.

Implications for Residential Centers

Considering the extent of the attack, among other victims of it are those whose services include residential care for seniors in that province, specifically the Antwerp Healthcare Company (Zorgbedrijf Antwerpen).

According to Johan De Muynck, the general manager of Zorgbedrijf:

The software in which we keep track of who should receive which medication no longer works because of the attack.


The switch to pen and paper in 18 residential care centers created a huge hurdle for the staff, who were forced to rely on traditional paper prescriptions for their patients.

However, the manager further claimed that the residents` information is safe, as the database have not been compromised during the attack.

Antwerp’s mayor confirms that the IT systems are currently not working, while experts estimate the impact could last until the end of the year.

Despite being significantly affected, emergency services continue to be available.

Update (December 13, 2022): Play Ransomware Claims Attack

Over the course of the weekend, Brett Callow, Emsisoft threat analyst, noticed that the Play ransomware operation listed Antwerp as a victim.

The entry on the data leak site claims that 557 GB of confidential data was taken during the attack, including personal information and financial documents.

However, data from the city has yet to be leaked, with the threat actors indicating they will start to publish it in a week if they don’t get the ransom.

Play ransomware made its first appearance in June 2022, and soon after made its first victim when the ransomware gang caused Argentina’s Judiciary of Córdoba to shut down its IT systems.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa


Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

Leave a Reply

Your email address will not be published. Required fields are marked *