Cybercriminals who compromised an academic institution in Antwerp have resorted to exerting psychological pressure on parents after the administration refused to acquiesce to their ransom demands. The adversaries are currently disseminating threatening missives, warning of the imminent exposure of students’ personal data and shifting their financial extortion from the school directly to the families.
The breach targeted the OLV Pulhof secondary school in the Berchem district of Antwerp, Belgium. According to regional media reports, unauthorized access to the internal network was established shortly after the winter hiatus. The school administration has exercised discretion, withholding specific technical details regarding the nature of the incursion.
A spokesperson for the Antwerp Prosecutor’s Office confirmed to journalists that a formal investigation has been inaugurated, though further commentary was declined. The Belgian broadcaster VRT News reported that in January, the extortionists issued a manifesto identifying themselves as the “Lock-Bit” collective, claiming credit for the exfiltration of confidential records pertaining to students and faculty. The stolen cache purportedly includes financial documents and sensitive mental health assessments.
However, cybersecurity specialists remain skeptical regarding the attribution to the authentic LockBit syndicate. The name was erroneously hyphenated, and the operational methodology deviates significantly from the group’s established signature. Typically, LockBit embeds ransom notes within the compromised infrastructure and conducts negotiations via dedicated dark-web portals rather than through conventional electronic mail.
The antagonists initially demanded a sum of €15,000 from the institution. Following the administration’s refusal, they commenced contacting parents, suggesting that the families either compel the school to pay or independently transfer €50 per child. Failure to comply would ostensibly result in the public dissemination and sale of the purloined data.
Adhering to the counsel of information security experts, the school has categorically refused to engage in negotiations and has explicitly advised parents against making any payments.
Analysts observe that a €15,000 demand is uncharacteristically meager for prominent ransomware syndicates, especially considering the decline in their activity following major international law enforcement operations in 2024. Furthermore, the attempt to solicit fragmented payments from a vast number of private individuals is atypical of high-tier ransomware campaigns; such tactics generally indicate that the attackers were unable to effectively monetize their initial network access.