by ALFRED SHILONGO
WINDHOEK – NAMIBIAN authorities have opened a probe after a local municipality suffered a serious cyber attack by the notorious ransomware and data extortion threat group, INC Ransom.
On Tuesday, the Otjiwarongo Municipality has fallen victim of the attack, that has been confirmed by the Namibia Cyber Security Incident Response Team (NAM-CSIRT), housed at the Communications Regulatory Authority of Namibia (CRAN).
The regulator disclosed this incident involved systems or networks belonging to the northeastern town of around 50 000 people.
Preliminary indications suggest possible data exfiltration and a ransom demand by INC Ransom.
Exfiltration involves the unauthorised transfer of data from a computer system or network, often by malware or malicious actors.
Emilia Nghikemua, CRAN Chief Executive Officer, said given the sensitivity of the matter, NAM-CSIRT had notified the affected municipality and recommended that containment measures, including data mapping to determine the extent of the exposure and the isolation of affected systems.
“A formal investigation has been initiated, and NAM-CSIRT will provide an appropriate update in due course,” she said .
Nghikemua is also Head of NAM-CSIRT.
She said NAM-CSIRT remained committed to transparency and would continue to keep stakeholders informed of any significant developments, without compromising the integrity of the investigation.
Active since at least July 2023, is a group of cyber criminals that focuses on launching targeted attacks on large-scale organisations and corporate enterprises.
They target network devices via spear-phishing scams and exploiting vulnerabilities to gain control on enterprise networks.
Namibia faces significant cyber security challenges, blamed on inadequate legislation, dearth of cybersecurity awareness and vulnerable infrastructure as well as scarcity of cyber security professionals.
In 2024, statistics indicate the Southern African country suffered more than 1,1 million incidents.
These include a major breach at Telecom Namibia, an attack that exposed over 626 gigabytes of sensitive data.
Paratus, another operator, also reported a breach that compromised 84 gigabytes of data.
Last week, Namibia signed a memorandum of understanding (MoU) with India to co-operate on cyber security.
- – CAJ News
