Ransomware group Play claims to hold 557GB of data from the city of Antwerp. The local government fell victim to a ransomware attack last week.

Play listed the city of Antwerp on its darkweb page on Sunday. The ransomware group uses the page to publicize victims. Play claims to hold 557GB of city data, including passports and identity cards. The ransomware group threatens to publish the information on Monday, December 19.

The city of Antwerp fell victim to a cyberattack last week. A spokesperson told Belgian media that ransomware was found on several systems. As a result of the attack, residents cannot apply for parking permits or identity cards. Hundreds of city employees are forced to work with pen and paper due to outages.

The local District Attorney’s Office launched an investigation into the incident. The identity of the attacker(s) has not been confirmed by the authorities at this time. Ransomware group Play claims to be involved. Antwerp’s addition to its darkweb page suggests that the gang is responsible for the attack.

Unconfirmed

It’s not clear whether Play is in contact with the city of Antwerp. Victims typically receive a ransom demand when the attacker publicly threatens to publish data. The city of Antwerp hasn’t confirmed the latter, meaning we don’t know if and how much ransom Play is demanding.

Belgian media contacted local spokespeople for comments, but responses have been sparse. “Our experts are working day and night, in close cooperation with the judicial services, to investigate and resolve the consequences of the cyberattack”, Johan Vermant said on behalf of the city. “Obviously, for security reasons, we cannot release any details.”

Ransomware group Play

Play was involved in multiple cyberattacks in recent months. In August 2022, the ransomware group made headlines after an attack on Córdoba, a city in Argentina. Play infiltrated the IT systems of local judiciary and government services, encrypted data and left the city with a ransom note.

Tip: Ransomware hits city of Antwerp