Bart Preneel  

Update on #Play group ransomware attack on the city of Antwerp (530K inhabitants) on Dec. 5.
1) Play Group claims attack and states that they have stolen 557 Gbyte of data.
2) Many crucial systems down for weeks; first systems come up this week; complete recovery by end of Jan.'23.
3) Dec. 17: Antwerp removed from the Play Group website
4) Dec 18: city of Antwerp claims that they have not negotiated or paid
5) Dec 19: city of Antwerp claims that as far as they can tell data stolen was mostly administrative data which is not a problem for the citizens. Hence no breach report to DPA and no warnings of citizens?

While it is clear that victims of ransomware do not want to share all details, this story seem to have quite some inconsistencies. It is plausible that there was no detailed search for the most sensitive data. On the other hand, sophisticated attackers cover their traces and it may be very hard to find out which data was accessed.

Maybe the data will no be published, but perhaps it has been sold already?
To be continued.

1
Free Soft&Hardware Enthusiast
Follow

@bpreneel thats why all public citizen data should be encrypted so it doesnt matter if it is stolen if the thief doesnt have the keys.

· 0 · 0 · 0
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml