
City of Antwerp is back to pen and paper for a while.

manikyath

Summary

So, i'm gonna keep the personal opinions on this relatively short, because i'm closer to this issue than i'd prefer to be...

But essentially, everything City of Antwerp related that runs windows (this includes elderly care and other public services) is potentially affected by a cyber attack and/or ransomware/virus.

there's very little actual detail on this, because it's very much still a developing story.. but essentially.. everything that is "City of Antwerp" in-house stuff, is down.

 

EDIT: news outlet 'De standaard', and re-published by 'bleepingcomputer' (sources below) reports the cause is ransomware, but the source of it is still unknown.

 

UPDATE 08/12: the city has posted a list of affected services on their website:

 

Municipal administration counters:

- Ongoing matters of migration cannot be handled at the counters.

- Requesting parking permission, access to garbage management, etc. cannot be handled at the counters.

 

Daycare:

- the online platform for making appointments and scheduling cannot be used.

- billing is delayed

- E-mail communication is down

- The platform for managing medical requirements is inaccessible, so parents have to instruct the daycare about requirements in person. (why did this even exist in the first place?)

 

Waste management:

- making appointments at recycling centers is impossible

- previously made planning for waste pickup cannot be accessed, so it is recommended to call for a new appointment.

- ordering 'waste stickers' is impossible (yes.. some places have to stick a 'license sticker' on their garbage bags..)

 

Culture:

- making reservations for the sporting facilities is impossible

- online ticket sales for shows are impossible.

- ticket sale for museums is impossible

- the library system is down, so books cannot be lent out.

 

Mobility:

- requesting temporary parking restrictions is impossible.

- getting parking permits is impossible.

- the city-owned route planner for traveling in and out of the city is unavailable.

 

Other:

- loan materials (tents, party equipment, etc..) cannot be requested.

- the "center for social wellbeing" cannot make payments. (think unemployment benefits.)

- requests to the archive cannot be handled.

 

Quotes

Quote

Almost all Windows applications of the City's administration have been impacted, according to Het Laatste Nieuws. The disruption has caused the administration's internal services not to be up to speed, including services provided to citizens.

Appointments at the City's counters are currently not working, although the city's website can still be used.

EDIT: here's an additional quote, from "zorgbedrijf" - the city's healthcare company:

Quote

"Doctors now have to sign prescriptions that we then deliver to the pharmacy. Lots of paperwork but everyone gets their medication today. My estimate is that everything can go automatically again tomorrow morning,"

 

My thoughts

As i said at the top.. i'm sort of close to this, so i need to tread lightly.

This does really feel like a "no matter how much effort you put into security, all it takes is one idiot with admin credentials to press the wrong E-mail".

I don't know if that's the way it happened, but since last time antwerp was impacted it was a "usb stick" (usb rubber ducky, anyone..) it's probably that.

 

Sources

A very brief english language article (in fact.. the only one..) https://www.brusselstimes.com/technology/333018/city-of-antwerp-hit-by-cyber-attack

their sauce, in dutch, for those who are equipped with translation tools: https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/ (note, most of this article is sensationalist guesswork, because that's what hln is good at..)

EDIT:

A more up to date source from 'bleepingcomputer': https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/

they mention 'de standaard' as a source.. which turns out to be really difficult to google for some reason, because the article didn't come up earlier today: https://www.standaard.be/cnt/dmf20221206_93860773


My condolences. D: Hopefully it gets sorted out, and not too many people will be affected.

 

I would say 'Rar rar rar Linux is BETTAR' but I know that an Admin with no sense would be able to make just as much mess in Linux as in Windows.

"Don't fall down the hole!" ~James, 2022

 

"If you have a monitor, look at that monitor with your eyeballs." ~ Jake, 2022


39 minutes ago, Sarra said:

 

I would say 'Rar rar rar Linux is BETTAR' but I know that an Admin with no sense would be able to make just as much mess in Linux as in Windows.

interesting to read "all windows" in the article, i assume there'd be the odd linux stuff dotted around, and as far as i've tried all the web-facing stuff is still online... (which is where you'll find linux the most)


5 hours ago, manikyath said:

Summary

So, i'm gonna keep the personal opinions on this relatively short, because i'm closer to this issue than i'd prefer to be...

But essentially, everything City of Antwerp related that runs windows (this includes elderly care and other public services) is potentially affected.

there's very little actual detail on this, because it's very much still a developing story.. but essentially.. everything that is "City of Antwerp" in-house stuff, is down.

 

Quotes

 

My thoughts

As i said at the top.. i'm sort of close to this, so i need to tread lightly.

This does really feel like a "no matter how much effort you put into security, all it takes is one idiot with admin credentials to press the wrong E-mail".

I don't know if that's the way it happened, but since last time antwerp was impacted it was a "usb stick" (usb rubber ducky, anyone..) it's probably that.

 

Sources

A very brief english language article (in fact.. the only one..) https://www.brusselstimes.com/technology/333018/city-of-antwerp-hit-by-cyber-attack

their sauce, in dutch, for those who are equipped with translation tools: https://www.hln.be/antwerpen/rusthuizen-schakelen-over-op-pen-en-papier-na-massale-cyberaanval-op-antwerpse-stadsdiensten~a24d88fa/ (note, most of this article is sensationalist guesswork, because that's what hln is good at..)

I still have no idea what happened and why the systems are down/affected? Affected by what? Am I missing something?


11 minutes ago, ouroesa said:

I still have no idea what happened and why the systems are down/affected? Affected by what? Am I missing something?

at this point.. i don't think they themselves are entirely sure. "cyber attack" is the word used for now, it appears to be a ransomware of sorts, but how, who, and why is still a mystery.

 

i've edited the OP to reflect this better, because in hindsight.. i have left that quite vague indeed 😛

 

i should also mention for future reference: i'm not 'personally' involved in any way, but indirectly i could be able to get more inside information than would be legally desirable. so anything i do say about it is directly based on articles that are publicly available.


1 hour ago, manikyath said:

at this point.. i don't think they themselves are entirely sure. "cyber attack" is the word used for now, it appears to be a ransomware of sorts, but how, who, and why is still a mystery.

 

i've edited the OP to reflect this better, because in hindsight.. i have left that quite vague indeed 😛

 

i should also mention for future reference: i'm not 'personally' involved in any way, but indirectly i could be able to get more inside information than would be legally desirable. so anything i do say about it is directly based on articles that are publicly available.

this has some info about it....weird soooo many systems were affected. you'd think they'd separate them just to protect them.


https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/


2 minutes ago, circeseye said:

this has some info about it....weird soooo many systems were affected. you'd think they'd separate them just to protect them.


https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/

they have pretty high security standards for what's essentially just a local branch of government workers.

 

i'll add the article and their source to the OP, thanks for the input.


i honestly believe that governments shouldn't go fully paperless if something like this can happen and they need to continue providing essential services.
the fact that there was no system in place as a backup is asking for trouble.

i know a lot of people aren't going to agree with me with how inefficient the old systems are but would you rather have a slow essential government process in the event of a crisis or one that's unable to function without a working computer?

i'd rather have to deal with a slow government in the event their systems went down than tax dollars being wasted while they fix their systems and being unable to perform essential services.

*Insert Witty Signature here*

System Config: https://au.pcpartpicker.com/list/Tncs9N

 


1 minute ago, Salv8 (sam) said:

i honestly believe that governments shouldn't go fully paperless if something like this can happen and they need to continue providing essential services.
the fact that there was no system in place as a backup is asking for trouble.

i know a lot of people aren't going to agree with me with how inefficient the old systems are but would you rather have a slow essential government process in the event of a crisis or one that's unable to function without a working computer?

i'd rather have to deal with a slow government in the event their systems went down than tax dollars being wasted while they fix their systems and being unable to perform essential services.

yes and no.

paper *is* the backup.

as for 'paperless' failover.. you can have as much failover as you want, if the whole network is potentially compromised, the failover usually is too, and even if it appears to not be, you really don't even want to risk it. although it does feel like in threat profiling all too often ransomware is just shoved under 'we'll nuke and restore from backup when this happens, even if it means stone age for a day.'

 

also.. avoiding inside baseball the best i can.. the GM of zorgbedrijf stated that by the morning they should be running digital again, this to me suggests they went for the 'nuke and restore from backup' approach.


7 hours ago, Salv8 (sam) said:

i honestly believe that governments shouldn't go fully paperless if something like this can happen and they need to continue providing essential services.
the fact that there was no system in place as a backup is asking for trouble.

i know a lot of people aren't going to agree with me with how inefficient the old systems are but would you rather have a slow essential government process in the event of a crisis or one that's unable to function without a working computer?

i'd rather have to deal with a slow government in the event their systems went down than tax dollars being wasted while they fix their systems and being unable to perform essential services.

Not only inefficient, but also expensive. People time is drastically more expensive than machine time, especially in use cases requiring high throughput. You'd be required to keep many workers trained and on standby to be able to scale at all for a meaningful failover, which costs money. I'd imagine in certain high-demand government use-cases, such as Unemployment (especially nowadays with higher populations and ever-greater demand), the required throughput may preclude older systems from being a feasible option at all, and a lot of the time, even newer systems are stretched thin.

 

Depending on the scale required, many systems are at the point where the efficiency itself is critical to the functioning of the service (i.e., it serves so few people as to effectively be non-functional anyway). Again though, scale matters. For services that serve a fewer number of people, a hybrid approach may work.

My eyes see the past…

My camera lens sees the present…


9 hours ago, manikyath said:

at this point.. i don't think they themselves are entirely sure. "cyber attack" is the word used for now, it appears to be a ransomware of sorts, but how, who, and why is still a mystery.

There are really ever only 2 "why's": They were targeted, someone did something really stupid. First reason also often involves the second reason, second reason can be solely exclusive however.

 

8 hours ago, circeseye said:

this has some info about it....weird soooo many systems were affected. you'd think they'd separate them just to protect them.


https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/

A single system can be affected however other systems might use that as a data source, or authentication source etc etc. Plus the typical response is to shut everything down regardless of what you think is affected then do controlled and isolated bringing back online and checking as you go.

 

8 hours ago, Salv8 (sam) said:

the fact that there was no system in place as a backup is asking for trouble.

A long delay to bringing things back online can be intentional. Worst case is disk based backups are compromised or in question and they have to go back to tape which has many delays like recalling the tapes from wherever they are, loading them in to the tape library, loading more as required etc. If there are enough tape drives recovery time is very good, just only once you've actually started.

 

58 minutes ago, Zodiark1593 said:

Not only inefficient, but also expensive. People time is drastically more expensive than machine time, especially in use cases requiring high throughput. You'd be required to keep many workers trained and on standby to be able to scale at all for a meaningful failover, which costs money. I'd imagine in certain high-demand government use-cases, such as Unemployment (especially nowadays with higher populations and ever-greater demand), the required throughput may preclude older systems from being a feasible option at all, and a lot of the time, even newer systems are stretched thin.

Training people for every rule, policy and regulation would be really problematic. Basically tons of mistakes will happen, there will be specialist roles and teams, lots of kicking things around those different teams to handle their specialist area of knowledge. There's a really good reason "we" moved on to computer systems, although in some ways I do think that has allowed the creation of far too complex rules and policies 🤷‍♂️


i've updated the OP with an official list of impacted services, as reported by the city of antwerp on their official website.
