Hack City of Antwerp

Published on:
Use case

What happened?


In December 2022, the City of Antwerp fell victim to a ransomware attack that severely disrupted the operation of several city services. The attack hit the servers of Digipolis, Antwerp's digital partner, and shut down nearly all Windows systems. As a result, the city's e-mail systems, booking platforms, and other administrative services became inaccessible. Services such as schools, nurseries, and police departments were also affected, and in some cases employees had to fall back on manual methods to continue their work

How did it happen?

The attackers managed to gain access to Digipolis' servers, leading to a large-scale ransomware infection. While the exact attack path has not been shared publicly, all indications are that the ransomware held the city's systems hostage, meaning the attackers demanded a ransom to release the data. The entire system was affected, including key software used for the city's administration(

What was the impact for the company?


The impact on the city was significant. Most digital services were down, so citizens could not keep their appointments for ID cards, for example, and email systems for city employees did not work. In health care centers, workers had to switch to pen and paper to hand out medication, reducing efficiency. The disruption lasted several days, and some systems even took weeks to fully recover.

How could this have been prevented?

At Cyberplan, we believe in a proactive approach to cybersecurity. The following solutions could have prevented this attack or mitigated the damage:

  • Network segmentation: By segmenting the digital infrastructure, an attack cannot spread as quickly.
  • Real-time detection and monitoring: Early alerts and incident response are critical. Cyberplan provides tools that continuously detect suspicious activity and take immediate action to neutralize threats.
  • Backup management and recovery plans: regular backups and recovery procedures would have ensured faster recovery of the affected systems, without depending on the hackers.

If your organization faces similar threats, it is advisable to evaluate and strengthen cybersecurity measures as needed.