Operation Play ransomware claimed responsibility for a recent cyberattack on the Belgian city of Antwerp.

Last week, Digipolis, the IT company responsible for managing Antwerp’s IT systems, suffered a ransomware attack that disrupted the city’s IT, messaging and telephony services.

Local media reported that many of the city’s Windows apps were no longer available, and a member of the city council Alexandra d’Archambeau publicly tweeted that the email was unavailable.

The disturbance continues with the city ​​warning that nearly all services are unavailable or significantly delayed, including job applications, library use, and new city agreements.

Play Ransomware Claims Attack

While local media confirmed that ransomware was behind the attack, it was unclear which operation attacked the city.

Over the weekend, Emsisoft’s threat analyst Brett Callow noticed that Operation Play ransomware started listing Antwerp as one of its victims.

This entry from Antwerp on the data leak site claims that 557GB of data was stolen in the attack, including personal details, passports, IDs and financial documents.

However, data from the city has yet to be released, with threat actors saying they will start releasing data within a week unless a ransom is paid.

Play ransomware is a relatively new operation, launched in June 2022 when victims began describing their attacks in the IT Forums.

Soon after, the ransomware gang targeted the Argentine judiciary in Córdobain what was their biggest known attack.

Since then, the ransomware operation has grown slowly, amassing a steady stream of victims worldwide.