Namibia Airports Company, Paratus, Namibia Students Financial Assistance Fund and Telecom Namibia: Hackers who hit Otjiwarongo municipality now after NAC – Windhoek Observer

Namibia Airports Company Hit by INC Ransomware Group, 500GB of Data at Risk

The Namibia Airports Company (NAC) has fallen victim to a cyberattack by the INC Ransomware Group, which claims to have stolen 500GB of sensitive data, including financial records, human resources information, and customer details. The breach was first detected on Thursday night, following unauthorized activity within NAC’s network systems, as confirmed by the Communications Regulatory Authority of Namibia (CRAN).

The INC Ransomware Group, a known cybercriminal organization with a history of targeting both public and private sectors globally, announced the attack on 19 March 2026, threatening to release the stolen data once a countdown timer expires a tactic designed to pressure the company into meeting their demands. This marks the second attack by the group in Namibia, following a previous breach of the Otjiwarongo Municipality in 2025.

The Namibia Cyber Security Incident Response Team (Nam-CSIRT) had earlier revealed the NAC breach on Monday, after detecting disruptions in the company’s systems. The INC group employs a double-extortion method, stealing data while also encrypting systems to force compliance. Authorities are actively monitoring the situation, though NAC has yet to issue an official statement.

The incident comes amid a surge in cyber threats in Namibia, with Nam-CSIRT reporting over 535,000 vulnerabilities and 195,661 cyber events between October and December 2025. Other active ransomware groups, including Genesis and Benzona, have also been targeting organizations, with Benzona demanding payment within 72 hours of locking systems.

Recent months have seen a sharp rise in cyberattacks across Namibia, with 1.1 million threats and nearly one million vulnerabilities recorded in the first half of 2025. High-profile victims include Telecom Namibia (December 2024) and Paratus (2025), while the Namibia Students Financial Assistance Fund (NSFAF) suffered a data breach in October 2025, exposing the personal information of 7,000 students. The government is currently drafting a data protection bill to strengthen cybersecurity measures and safeguard digital systems.

Source: https://www.observer24.com.na/hackers-who-hit-otjiwarongo-municipality-now-after-nac/

Namibia Airports Company Limited cybersecurity rating report: https://www.rankiteo.com/company/namibia-airports-company-limited

Telecom Namibia cybersecurity rating report: https://www.rankiteo.com/company/telecomnamibia

Paratus Group cybersecurity rating report: https://www.rankiteo.com/company/paratus-africa

"id": "NAMTELPAR1773995423",
"linkid": "namibia-airports-company-limited, telecomnamibia, paratus-africa",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Airports/Aviation',
                        'location': 'Namibia',
                        'name': 'Namibia Airports Company (NAC)',
                        'type': 'Organization'}],
 'data_breach': {'data_encryption': 'Yes',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Financial records',
                                              'Human resources information',
                                              'Customer details']},
 'date_detected': '2026-03-19',
 'date_publicly_disclosed': '2026-03-19',
 'description': 'The Namibia Airports Company (NAC) has fallen victim to a '
                'cyberattack by the INC Ransomware Group, which claims to have '
                'stolen 500GB of sensitive data, including financial records, '
                'human resources information, and customer details. The breach '
                'was first detected on Thursday night, following unauthorized '
                'activity within NAC’s network systems, as confirmed by the '
                'Communications Regulatory Authority of Namibia (CRAN).',
 'impact': {'data_compromised': '500GB of sensitive data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Disruptions in company’s systems',
            'systems_affected': 'NAC’s network systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain, Data extortion',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'INC Ransomware'},
 'references': [{'source': 'Communications Regulatory Authority of Namibia '
                           '(CRAN)'},
                {'source': 'Namibia Cyber Security Incident Response Team '
                           '(Nam-CSIRT)'}],
 'regulatory_compliance': {'regulatory_notifications': 'Communications '
                                                       'Regulatory Authority '
                                                       'of Namibia (CRAN), '
                                                       'Namibia Cyber Security '
                                                       'Incident Response Team '
                                                       '(Nam-CSIRT)'},
 'response': {'enhanced_monitoring': 'Authorities actively monitoring the '
                                     'situation'},
 'threat_actor': 'INC Ransomware Group',
 'title': 'Namibia Airports Company Hit by INC Ransomware Group',
 'type': 'Ransomware'}