Cybercriminals infected the city’s IT systems with ransomware. Residents are unable to make appointments for public affairs. Antwerp’s police and museums are partially offline.
The attack took place on the night of December 5-6. A city spokesperson told De Standaard that ransomware was found on several systems. The identity of the attacker(s) is unknown at the time of writing. Local authorities have opened an investigation.
The infection appears to be widespread. It’s currently impossible to make appointments for public affairs. Local police and city museums are partially offline, but emergency numbers and services remain operational. The phone system of social service provider Zorgbedrijf Antwerpen has been restored after initially going down.
Turning off systems is a common response to ransomware. A victim can prevent virus spread by cutting network connections. In Antwerp, some systems are offline because the national government disconnected as a precaution.
“To give an example, we can no longer issue identity cards”, spokesperson Dirk Delechambre told De Standaard. “Many of the applications at those counters are federal, and they preemptively shut down the lines.”
The city is attempting to restore infected systems with backups. It’s unclear if and when the environment will be restored. “Everything is still under investigation”, Delechambre said.
Cyberattacks on municipalities
In September, cybercriminals hacked the systems of Zwijndrecht, a neighbouring municipality. A poorly secured police server caused a data breach of thousands of fines, license plates and justicial reports with photos of minors.
Things went south in the Netherlands in April. Cybercriminals abused the login credentials of an IT vendor to infect the municipality of Buren with ransomware. The attackers captured 130GB of data, including 1,331 identity document copies. The information was subsequently traded on the darkweb.