Cyber Incident Victim: Liège

On June 21, 2021, the City of Liege, Belgium’s third-largest municipality, experienced a ransomware attack that severely disrupted its IT network and online services. The incident rendered most civil status and population services inoperable, forcing officials to cancel appointments for town halls, birth registrations, weddings, and burial services due to employees’ inability to access critical systems. Online platforms for event permits and paid parking were also disabled. City authorities established a status page to communicate service disruptions, acknowledging broader impacts beyond these initial systems and pledging to publish a comprehensive list of affected services later that day to prevent unnecessary visits to city offices. The municipality’s official Twitter account confirmed the inaccessibility of neighborhood town hall services, among others, attributing the outages to a "computer attack."

Belgian radio and television outlets reported the Ryuk ransomware gang as responsible for the attack, though Liege officials did not publicly confirm this attribution. The incident highlighted systemic vulnerabilities in municipal IT infrastructure, with the article noting that local governments frequently face ransomware attacks due to limited budgets for advanced security measures, outdated hardware, and understaffed IT departments. While Liege represented a significant target, the attack aligned with a pattern of ransomware incidents affecting major cities globally, including recent breaches in Tulsa, Atlanta, Baltimore, and New Orleans. The city’s response focused on service disruption notifications and appointment cancellations, with no additional containment or recovery actions detailed in available reports. Operational consequences persisted through the initial attack day, impacting essential civic functions and resident access to administrative services.