Data Breach and Ransom Demand Reported at Namibian Municipality

A cybersecurity incident has been confirmed involving the systems or networks of the Otjiwarongo Municipality in Namibia. The breach, identified on 16 July 2025, is believed to involve data exfiltration and a ransom demand issued by a threat actor known as “INC Ransom.”

The Namibia Cyber Security Incident Response Team (NAM-CSIRT)  responded to the threat after it was detected through credible threat intelligence sources. The affected municipality has been notified, and containment measures are already underway.

“Given the sensitivity of the matter, NAM-CSIRT has notified the municipality and recommended immediate containment measures, including data mapping to determine the extent of exposure and the isolation of affected systems. A formal investigation has been initiated, and NAM-CSIRT will provide an appropriate update in due course. NAM-CSIRT remains committed to transparency and will continue to keep stakeholders informed of any significant developments, without compromising the integrity of the investigation.”

–Mrs. Emilia Nghikembua, Chief Executive Officer, CRAN and Head, NAM-CSIRT.

Efforts are focused on securing compromised systems and identifying the extent of data exposure. Stakeholders are expected to receive further updates as the investigation progresses. The nature of the attack, along with the identity of the ransomware group, suggests a growing cybersecurity threat landscape targeting public infrastructure.