Cyber Incident Victim: Q-Park
Date:
May 2017
Location:
Netherlands
Summary
Q-Park experienced a ransomware attack disrupting payment systems and website functionality across multiple parking garages, including locations in Rotterdam, Gouda, Veenendaal, Hoofddorp, and Ede. The WannaCry malware encrypted files and demanded ransom, preventing customers from paying at affected terminals but allowing garage access via intercom assistance and on-site staff. The incident marked the first known Dutch victim of this global ransomware campaign, which primarily impacted systems in the UK, Russia, and Spain. Operational disruptions persisted at five facilities, with technical teams working to restore normal operations while accommodating local constraints like event-related access limitations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 12, 2017, Q-Park, a Dutch parking operator, experienced significant disruptions across its operations due to a ransomware attack. The incident initially prevented customers from paying at parking garages in Rotterdam, Gouda, Veenendaal, Hoofddorp, and Ede, while the company’s website also became inaccessible. By Saturday, May 13, screens on Q-Park’s parking machines displayed a ransom note linked to the WannaCry ransomware, confirming the malware’s involvement. This attack marked the first confirmed instance of a Dutch company being compromised by WannaCry, which had simultaneously infected systems across dozens of countries—notably the UK, Russia, and Spain—starting on May 12. The ransomware encrypted critical files on infected systems, rendering them unusable until decrypted, typically after payment of a ransom demand.
By Sunday, May 14, disruptions persisted at cash machines in five of Q-Park’s 262 Dutch parking garages, specifically in Groningen, Veenendaal, Ede, Arnhem, and Rotterdam. Director Mark van Haasteren stated that technicians expected to resolve most issues overnight, though repairs in Rotterdam were delayed due to celebrations for Feyenoord’s championship. Despite the payment system outages, customers could still enter affected garages. Those attempting to exit were instructed to use intercoms to request manual assistance, with Q-Park staff deployed onsite to facilitate departures. The company did not disclose whether ransom payments were made or whether data recovery efforts succeeded. The incident highlighted operational vulnerabilities to ransomware, particularly in public-facing infrastructure reliant on networked payment systems.