Antwerp Goes Offline Following Ransomware Attack (Updated)
An Attack on the City’s Digital Partner Leaves Services Inoperable.
The city of Antwerp, Belgium, is working on restoring its digital services, which were disrupted earlier this week by a cyberattack on its digital provider. The disruption has affected everything from schools and daycare centers to the police.
There is not much public information available at this time, but all signs point to a ransomware attack from a threat actor that has yet to be identified.
Reporting on the matter, Het Laatste Nieuws explains that the hackers breached the servers and stole the administrative software from Antwerp’s digital partner, Digipolis. Furthermore, the publication notes that almost all Windows applications have been affected, while phone service for some departments was unavailable.
Alexandra d’Archambeau, a council member for the district of Wilrijk, also noted that the city’s email service was down, as well as the online political decision platform.
The City of Antwerp has been hit by a cyberattack. For the first time, as a council member, I am also feeling the consequences directly. Email is down, as is the online political decision-making platform.
When are we in Belgium finally going to make cybersecurity a priority? #dtv pic.twitter.com/a0iLW32YBZ
— Alexandra d’Archambeau (@alexandradarch) December 6, 2022
Another Belgian publication reports that it received confirmation that a ransomware attack was to blame, but the threat actor is yet to be determined.
Implications for Residential Centers
Given the extent of the attack, its victims also include organizations that provide residential care for seniors in the province, specifically the Antwerp Healthcare Company (Zorgbedrijf Antwerpen).
According to Johan De Muynck, the general manager of Zorgbedrijf:
The software in which we keep track of who should receive which medication no longer works because of the attack.
The switch to pen and paper in 18 residential care centers created a huge hurdle for the staff, who were forced to rely on traditional paper prescriptions for their patients.
However, the manager further claimed that the residents' information is safe, as the database has not been compromised during the attack.
Antwerp’s mayor confirms that the IT systems are currently not working, while experts estimate the impact could last until the end of the year.
Despite being significantly affected, emergency services continue to be available.
Update (December 13, 2022): Play Ransomware Claims Attack
Over the course of the weekend, Brett Callow, Emsisoft threat analyst, noticed that the Play ransomware operation listed Antwerp as a victim.
#Antwerp has been listed by Play. #ransomware pic.twitter.com/icJDvGd4Q0
— Brett Callow (@BrettCallow) December 12, 2022
The entry on the data leak site claims that 557 GB of confidential data was taken during the attack, including personal information and financial documents.
However, data from the city has yet to be leaked, with the threat actors indicating they will start to publish it in a week if they don’t get the ransom.
Play ransomware made its first appearance in June 2022, and soon after claimed its first victim when the ransomware gang caused Argentina’s Judiciary of Córdoba to shut down its IT systems.