The Belgian city of Antwerp has been attacked by the Play ransomware gang. The threat actor breached Digipolis — the IT company handling the city’s IT systems which disrupted email, phone and internet services. The disruption is still active at the time of writing.
While the ransomware infection was confirmed quickly, the threat actor behind the attack was unclear until Emisoft analyst Brett Callow discovered that the Play ransomware gang had claimed Antwerp as one of its victims on the gang’s site.
The cybercrime gang has also claimed that it has extracted nearly 557GB of data during the attack including Personally Identifiable Information, IDs, passport numbers and financial documents among “many others”.
The data is to be leaked in the next seven days if a ransom isn’t paid in time. Neither the hackers nor the city’s administration has revealed the ransom amount at this time, however.
The city has announced that almost all services are unavailable or delayed. Local media reports that CEO Johan De Munck of the Zorgbedrijf stated that the problem was relatively small, further adding that the only thing that has really been affected are the 18 residential care centres that had to switch to pen and paper following the attack.
Emergency services such as the fire brigade and police remain active and can be reached via telephone using emergency numbers 101 and 112 respectively. The e-counter of the Antwerp Police Zone also remains active. The rest of the services are expected to be back up and running soon.
This isn’t the first case of a city-wide hack in Belgium either, with the neighbouring municipality of Zwijndrecht, extracting thousands of license plate numbers, speed camera footage and even IDs with photos of minors from a vulnerable police server.