Play ransomware claimed the responsibility for an attack on Antwerp, Belgium.
Digipolis, Antwerp’s IT management company, was hit by ransomware last week. This attack disrupted Antwerp’s email and telephone services.
Local media reported many city’s Windows apps were unavailable, and Alexandra d’Archambeau tweeted publicly that email wasn’t available.
The disruption is not over, with that nearly all services will be unavailable or delayed significantly, including applications for jobs and use of libraries.
Attack ransomware with ransomware
Local media confirmed the ransomware attack but it wasn’t clear what type of operation was used.
Brett Callow, Emsisoft threat analyst noticed the Play ransomware operation listed Antwerp among its victims over the weekend.
According to this Antwerp entry, 557GB of data were stolen in the attacks, which included personal data, financial documents, identifications and passports.
The threat actors indicated that they would publish data within a week, but have not yet leaked any data.
Play ransomware, a fairly new operation was launched June 2022 after victims started describing their attacks on the .
The ransomware gang shortly thereafter. This was their largest known attack.
The ransomware has steadily grown since then and now there are countless victims around the world.