Crime and Courts

Otjiwarongo municipality hit by cyberattack

2025-07-222025-07-22By Correspondent
Otjiwarongo municipality hit by cyberattack

Rudolf Gaiseb

Investigations are underway after the Municipality of Otjiwarongo became the latest victim of a cyberattack, with criminals threatening to leak the town’s sensitive data unless ransom is paid.

The Namibia Cyber Security Incident Response Team (Nam-CSIRT), which operates under the Communications Regulatory Authority of Namibia (CRAN), detected the incident last Wednesday through credible threat intelligence sources.

In a public statement issued last week, CRAN’s executive for communication and consumer relations Mufaro Nesongano confirmed that the attack was identified on 16 July 2025.

“Preliminary indications suggest possible data exfiltration from the municipality’s systems and networks, along with a ransom demand by a threat actor identified as ‘INC Ransom’,” he said.

Cran’s CEO and head of Nam-CSIRT Emilia Nghikembua said due to the sensitive nature of the matter, the municipality was immediately notified and advised to take urgent containment measures. 

These include mapping data to determine the extent of the breach and isolating the affected systems to prevent further damage.

Nam-CSIRT has assured the public that the integrity of the investigation remains uncompromised. 

A formal probe is underway, and the team has committed to providing timely updates as the situation unfolds.

Global cybersecurity firm Check Point Software Technologies state that INC Ransom is a notorious ransomware group that first emerged in July 2023. 

By September of that year, the group had publicly claimed responsibility for hacking at least 12 organisations, a figure that has since risen dramatically. 

The group is known for targeting large multi-national companies in high-value data industries, although small and medium-sized enterprises are also frequent victims.

Ironically, the attack on the Otjiwarongo Municipality coincided with the opening of a national cybersecurity conference in Windhoek. 

The three-day event, which began on the same day the breach was reported, is focused on strengthening Namibia’s digital defences and protecting citizens from the growing threat of cybercrime.