The Play ransomware group’s data leak website has removed Antwerp as one of its victims. The report sparked numerous rumours regarding the Belgian city paying the actors to unlock the city’s data.
Earlier this month, Antwerp confirmed it suffered a cyberattack two weeks before this article was written. The attack impacted the services of the city’s residential care centres.
In addition, Antwerp’s online museum, council website, and public libraries were also affected by the attack. However, the government may have mandatorily taken down a few to prevent the attack’s spread.
The Play ransomware group removed the Antwerp data from their leak site.
The Play ransomware was initially spotted last July, targeting government organisations in some parts of Latin America. The group threatened to expose the stolen data from Antwerp the previous week, but the operators pulled the listing a few days ago.
Cybersecurity experts claimed that these extortion listings are only deleted from the actor’s website if their target compensates them with ransom payments. However, the city mayor of Antwerp denied involvement in any negotiation or compensation to the group.
Ransomware attacks against municipalities usually take months to recover and can be expensive if a target negotiates. An example of this is the 2020 ransomware attack against Hackney Borough Council in London in the United Kingdom, which impacted services for nearly a year and cost the council to pay about $14 million.
Antwerp spokesperson said that their municipality had worked non-stop since the confirmation of the attack to recover and find a solution for the disruption. Fortunately, several city digital services resumed their operations quickly, including Antwerp’s email network and some citizen service providers.
However, the representative explained that it could take weeks to months to recover all their digital service. As of now, they are planning to recover from the attack gradually and will prioritise essential services.
The online ticket sales for Antwerp’s museums appear to be functioning again after the alleged removal of the town from Play ransomware’s leak site.
