A network of primary and secondary schools in Belgium reported that cybercriminals gained unauthorised access to its systems and demanded a ransom of €50 for each affected student. The attack, which occurred in late January 2026, disrupted access to digital services used for learning, communication, and internal administration across the affected schools. The network serves thousands of pupils in the Flemish region of Belgium.
Officials said the ransomware attack targeted servers that host email, educational platforms, and school administration tools. Parents and staff were informed by school authorities that threat actors encrypted files and demanded payment in cryptocurrency equivalent to €50 per pupil for decryption keys. The attackers set a deadline for payment and threatened prolonged disruption if demands were not met.
School administrators took networks offline to contain the breach and launched an investigation with support from Belgian cybersecurity authorities. Local police and federal investigators are involved in assessing the scope of the incident, identifying the methods used by the attackers, and tracing the origin of the unauthorised access. No evidence has been disclosed publicly to indicate that personal data was exfiltrated, and authorities have not confirmed any payments to the criminal group.
School representatives said efforts are underway to restore affected services and maintain continuity of education through alternate channels where possible. Teachers have shifted to offline or paper-based assignments while IT teams work on recovery and hardening of systems. Parents were advised to remain vigilant against phishing emails or other suspicious communications that could be related to the incident.
Belgian federal cybersecurity officials said they are coordinating with regional authorities to provide technical support and guidance to the schools. Specialists are analysing malware samples and system logs to determine how attackers gained entry and to develop mitigation strategies. Authorities emphasised that ransomware incidents against critical education infrastructure are a growing concern and reiterated existing best practice recommendations for network security.
School leaders declined to comment on whether backups were available for key systems or how long restoration efforts might take. Staff and parents said they were focused on minimising disruption to students’ learning routines and ensuring that administrative functions such as attendance and grading could resume securely. Authorities continue to investigate the incident and have urged schools to report any suspicious activity related to the attack.