Saturday, May 30, 2026

Valyrian News Network

Understanding, Automated

Technology Security

Anderlues Cyberattack: Belgian Municipality Still Crippled

Valyrian News Network 4 min read

Anderlues Cyberattack: Belgian Municipality Still Crippled After Six Weeks

More than a month after a sophisticated cyberattack crippled the municipal administration of Anderlues, a small town in Belgium’s Hainaut province, officials say the road to full recovery will take at least another month. The attack, which struck on April 9, 2026, forced the town of approximately 12,000 residents to operate in what Mayor Hadrien Polain describes as “degraded mode” — with paper records, borrowed computers, and a Starlink internet connection.

According to RTBF, the attack was detected in the early hours of April 9, between midnight and the time offices were set to open. The federal police alerted the municipality upon the opening of offices that morning. The entire IT ecosystem was immediately shut down, with all 150+ computers disconnected from the network.

A Methodical Response

Mayor Polain described the moment the attack was discovered: “We noticed the attack between 8 and 9 AM, at office opening. Two hours later, I’m tempted to say the battle is still ongoing.” The municipality’s response was swift and cautious — engaging the Belgian Cybersecurity Centre (CCB) and federal police special units to investigate.

As reported by RTBF on the day of the attack, the mayor warned that damages were “very likely significant.” The IT team attempted to recover a backup copy made the previous Monday, but the cautious approach meant systems would remain offline for weeks.

“Before we can restart the system normally, we need to check computer by computer, program by program, and email by email that there’s no dormant threat,” Polain said in the days following the attack, as RTBF reported.

A Second Attempt

The wisdom of this cautious approach became clear on April 13, when a second penetration attempt was detected. Attackers tried to use a compromised administrator login to re-enter the network. The attempt failed, but it confirmed that the threat remained active.

By April 22-23, the CCB and federal police had completed their investigation and lifted the “red light” that had prevented the municipality from restarting its systems. A new firewall was ordered, and officials hoped for a full return after the spring break in early May.

Life in Degraded Mode

For residents of Anderlues, the cyberattack has meant a return to pre-digital methods. Laurence Demeure, head of the Civil Status and Population Office, told RTBF: “We brought out pen and paper again.” Paper registers were used to manage deaths, births, and marriages.

The urban planning department was hit hardest. “The urban planning department can barely work at all anymore,” Polain said. Only urgent documents such as passports and death certificates continued to be processed, using a handful of secured computers. Residents were asked to pay in cash, as electronic payment systems remained offline.

Borrowed computers from the neighboring municipality of Lobbes and a Starlink satellite internet connection allowed some staff to continue working, but at a fraction of normal capacity.

The Cost of Insecurity

The financial toll is significant. The municipality estimates the cost of the attack — including external experts, lost productivity, and new security systems — at several thousand to hundreds of thousands of euros. Notably, no regional or federal financial aid is available to help cover these costs.

Commissioner Christophe Axen, a cybersecurity expert, told RTBF that the incident illustrates a fundamental principle: “The strength of a security chain is determined by its weakest link.” He emphasized the need to update all devices connected to an infrastructure, “even the machine used just to print labels,” and to train staff against phishing attempts.

Gradual Recovery Underway

As of May 15, the gradual restart of systems has begun. Over 150 computers are being checked individually for dormant threats. “It will have taken a month and a half to get out of the attack,” Polain said. “It will take at least another month afterwards to catch up on the backlog.”

The perpetrators of the attack have not been identified, and their motivations remain unknown. The attack has been described by experts as using “cyberwarfare techniques,” suggesting a highly capable threat actor.

Broader Implications

The Anderlues cyberattack is part of a worrying trend for Belgian local governments, which have increasingly become targets of sophisticated cyberattacks. Just weeks earlier, the Belgian government announced secure communication apps for civil servants and military personnel, while the education sector was hit by a major attack affecting multiple institutions via the Canvas platform in early May.

The lack of government financial support for affected municipalities raises questions about the adequacy of cybersecurity funding for local governments in Belgium. For Anderlues, the immediate priority remains clear: restoring full administrative services for its 12,000 residents, one computer at a time.