Cyber Incident Victim: Ville de Floreffe
Date:
Apr 2021
Location:
Belgium
Summary
The City of Floreffe experienced a cyberattack where hackers encrypted data on local servers, rendering it unusable but not stolen. The municipality detected the issue over a weekend, promptly filed a police complaint, and engaged specialized support services to address the incident. Operational disruptions occurred due to the encryption of terabits of data, with recovery efforts complicated by the substantial time required to transfer the affected information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 10, 2021, the City of Floreffe, Belgium, discovered a cyberattack that compromised its local servers. Municipal officials, including Mayor Albert Mabille, identified operational disruptions on Saturday, April 9, prompting immediate engagement with law enforcement. A formal complaint was filed with police following the initial detection. Specialized cybersecurity services were enlisted to assist with the incident investigation and recovery. Attackers encrypted municipal data stored on the servers, rendering it inaccessible for operational use. No evidence indicated data exfiltration or external transfers by the threat actors. The encryption process effectively paralyzed access to municipal information systems without removing data from city-controlled infrastructure.
The incident impacted terabits of data across Floreffe’s servers, significantly complicating recovery efforts due to the volume requiring decryption or restoration. Municipal operations reliant on the encrypted datasets faced disruption, though specific affected services were not detailed in public statements. Recovery timelines were prolonged by the technical challenges of processing large-scale data restoration. Floreffe’s infrastructure lacked external data transfer capabilities, limiting the attack’s mechanism to local server encryption. No ransom demands or threat actor affiliations were disclosed in the initial reports. Response efforts remained ongoing with external cybersecurity specialists and law enforcement collaboration at the time of the public disclosure.