www.belgium.be Logo of the federal government
computer screen

How to protect yourself and what to do if you are a victim?


In recent weeks, the municipalities of Zwijndrecht, the city of Antwerp and the city of Diest were victims of a cyber attack with ransomware, respectively.  However, businesses and organisations have not been left out of the loop over the past year either. Ransomware is not a new phenomenon, but the recent attacks have many organisations worried.  The recent attacks cannot be assigned to one hacker group.  There are currently many criminal organisations using ransomware to target victims.

Ransomware how does it work?

Ransomware is a virus that is installed on a device without the owner's consent. The hostage virus holds the device and files hostage (encrypted) and demands a ransom. It also happens that in a ransomware attack, data is stolen from the organisation.  The criminal organisation threatens to make the stolen data public if a ransom is not paid.

Anyone can fall victim to ransomware: individuals, practitioners, cities and municipalities, hospitals, large companies.  

How to protect against ransomware?

  • Have a business continuity and recovery plan in place with a tested backup system.
  • For backups, the 3-2-2 rule is important: provide 3 backups, 2 of which are kept locally on 2 different media and 2 of which are kept elsewhere (1 in another location and 1 in the cloud)
  • Ensure MFA/2FA on all external accesses
  • Provide network segmentation
  • Provide a plan for logging and monitoring and backups of the log servers
  • Provide regular updates to quickly fix vulnerabilities
  • For large companies and organisations, a specialised business anti-ransomware solution is recommended
  • Make sure your organisation is prepared for a cyber attack.
  • Get your IT security architecture & policy reviewed by a specialist.
  • Get to work on a cybersecurity strategy.  Read how to tackle it here.

How to respond to a ransomware attack in 12 steps?

Those who have fallen victim to a cyber attack can follow the following steps: