ICT service provider ITxx from Antwerp is currently under ransomware attack. As a result, fifty of the company’s customers, mostly small and medium businesses, are no longer able to access their data or backups, says Stephen Hulvet of ITxx.
The attack has been going on since Friday. The hackers, who are still unknown at the moment, managed to encrypt all data and emails from the company and from fifty hosted clients. As a result, ITxx customers—mainly SMEs active in HR, temporary offices, and service voucher companies—cannot access their IT data or backups at this time.
ITxx is working with the Federal Judicial Police’s Computer Crime Unit and with ransomware specialists from cybersecurity firm Secutec on a solution to “enable a safe restart,” says a press release. The company does not want to say if it is considering paying a ransom. Holvoet can’t say exactly how much ransom hackers are asking for and whether or not they’re asking for cryptocurrency, but “they’re asking for a lot more ransom, a hundred times what’s usually asked.” Holvoet expects the problems to continue for at least a few more days.
The attack would have nothing to do with the IT management software from the supplier Kaseya VSA. Earlier today, the Belgian electronic watchdog CERT issued a warning. The program allows hackers to lock down computers and take them hostage. Meanwhile, more than 200 companies around the world have been affected, but this would be a “classic” ransomware attack. According to owner Holvoet, Antwerp does not use this software.
The Center for Cyber Security (CCB) posted a warning on its website on Saturday about a major cyber attack that has affected at least 200 companies since Friday night, including in the United States. All Belgian organizations working with Kaseya VSA are requested to immediately decommission this system.