Cyber Incident Victim: City of Kuurne

On November 17, 2020, the City of Kuurne, Belgium, discovered a virus within its municipal network during routine operations. The infection was identified as a "wannamine" attack—a cryptojacking operation designed to hijack computing resources for cryptocurrency mining rather than deploying ransomware or extortion mechanisms. Upon confirmation of the compromise, municipal authorities immediately disconnected all affected devices from the network as a containment measure. This proactive isolation resulted in a complete shutdown of municipal IT services to prevent further unauthorized cryptomining activity. Officials issued a public statement confirming the disruption and attributing the outage to the attack. No data theft or financial ransom demands were reported, distinguishing the incident from conventional ransomware operations. The municipality emphasized that the attacker’s sole objective appeared to be the illicit use of computational power for generating cryptocurrency.

The service interruption rendered all digital municipal operations inaccessible, impacting internal workflows and public-facing services. Kuurne engaged external cybersecurity experts to assess the scope of the compromise, evaluate system damage, and develop recovery protocols. No timeline for restoration was provided in the initial announcement, reflecting the complexity of securing and rebuilding the offline infrastructure. The incident highlighted operational vulnerabilities to cryptojacking threats, which exploit system resources without immediate detection. Recovery efforts focused on forensic analysis and controlled reactivation of systems to ensure malware eradication. The municipality maintained transparency through press releases but disclosed no technical specifics regarding attack vectors or mining yields. Service availability remained indeterminate as remediation continued following the containment actions.