Search This Blog

Showing posts with label Belgium. Show all posts

Ryuk Ransomware Hits City of Liège

 

Liege, the third biggest city in Belgium, was hit by a ransomware attack resulting in the disruption of the municipality’s IT network and online services. As a precautionary measure, IT staff shut down its network to avoid the malware from spreading. The Liège officials launched an investigation into the attack with the help of international security experts and are currently working to restore the operations. 

The officials also published a non-exhaustive list of services that have been affected. These include the bookings for town halls, birth registration, wedding, burial services, collection of passports, driving licenses, identity cards, and other important documents. Online forms for event permits and paid parking are also down. 

“The City of Liège, surrounded by experts of international competence, analyzes the scale of this attack and its consequences, in particular in terms of duration on the partial unavailability of its IT system. It is doing everything to restore the situation as soon as possible. Services to the public are currently heavily impacted,” reads the status page published by the city.

The city officials only reported the incident as a “computer attack”. However, two Belgian media outlets, a radio station, and a TV station claimed that the attack may have been conducted by a group using Ryuk ransomware. Recently, the National Cybersecurity Agency of France (ANSSI) identified a new variant of Ryuk. It possesses worm-like capabilities and can spend weeks or even months inside a victim’s network, conducting reconnaissance and quietly moving ransomware to important systems, often using standard Windows administration tools.

The attack against the Liege municipality is not a one-time attack. Threat actors often target local city networks because many cannot afford top-of-the-line security nor new IT gear, often running severely outdated servers and workstations with a small IT staff. The list of targeted municipalities includes the City of Tulsa, City of Saint John, Albany, Atlanta, Baltimore, Florence, Knoxville, Lafayette, New Orleans, and more. 

According to the latest report by Ransomware Task Force, in 2020 average ransom payments raised 170 percent year-on-year, and the total sum paid in ransom increased 310 percent. It is estimated that ransomware gangs collected at least $150 million in ransoms, with one victim paying $34 million to restore their systems

More Than 200 Belgian Organizations Knocked Offline in a Massive DDoS Attack

 

Belgium's national public sector network Belnet suffered a massive DDoS (distributed denial of service) attack on Tuesday that paralyzed internet access for all institutions linked to the Belnet network, including the federal government and parliament, universities, researchers, and reservations for the country's vaccination program.

The attackers specifically targeted Belnet, a government-funded ISP that provides internet connectivity for Belgian government organizations, such as its Parliament, educational institutions, ministries, and research centers.

According to the local authorities, the incident has impacted the activities of more than 200 Belgian government organizations which includes My Minfin, the government’s official tax- and form-filling portal, but also IT systems used by schools and universities for remote learning applications. In a tweet today, the Belgium Justice Department also reported disruptions but did not go into details. 

"The fact that the perpetrators of the attack constantly changed tactics made it even more difficult to neutralize it. We are fully aware of the impact on the organizations connected to our network and their users and we are aware that this has profoundly disrupted their functioning,” said Dirk Haex, technical director at Belnet.

Parliament and other government activities were also disrupted today because some meetings couldn’t take place as they couldn’t be streamed for remote participants due to the ongoing DDoS attack. The country’s COVID-19 vaccine reservation portal, which is hosted on Belnet’s infrastructure, was also knocked offline as a result of the attack. 

According to the official Twitter account for the Belgian Chamber of Representatives, only the Finance and Foreign Relations committee was able to hold a meeting on Tuesday before others had to be canceled due to the ongoing DDoS attack. Several Belgium politicians and political observers noted today that the attack started around the same time the Belgium Parliament’s Foreign Affairs Committee was supposed to hold a meeting and hear a testimony from a survivor of China’s Uyghur forced labor camps. 

Neither Belnet nor any other Belgium government organization have attributed the DDoS attack to any particular entity and seeing that the attack is still ongoing and would have to be investigated, attribution is currently very far away.