Cyber Incident Victim: Nama Khoi Municipality
Date: Nov 2020
Location: South Africa
Summary
The Nama Khoi Municipality in South Africa's Northern Cape Province experienced a ransomware attack that severely compromised its ICT systems and required extensive restoration efforts. The Pysa threat actors claimed responsibility and leaked municipal data publicly, including apparent public records. The municipality reported no confirmed ransom demand, an atypical deviation from standard ransomware tactics that raised questions about communication failures or operational errors in the attack sequence.
Description
The Nama Khoi Municipality in South Africa's Northern Cape Province experienced a ransomware attack compromising its ICT systems, with initial compromise occurring on or around November 29, 2020, according to threat actor Pysa's leak site. Municipal Chief Information Officer Brandon Love confirmed the incident publicly on December 9, 2020, describing it as a ransomware virus infection that disrupted operations. Attackers affiliated with the Pysa ransomware group claimed responsibility and began leaking stolen data on their dedicated leak site without first issuing a ransom demand to the municipality, contrary to typical ransomware group behavior. DataBreaches.net verified the attack timeline through the threat actors' announcement and analyzed samples of the exfiltrated data, which consisted primarily of public records rather than sensitive internal documents.

Municipal authorities engaged in restoration efforts to recover affected systems, though Love's statements indicated ongoing operational challenges stemming from the attack. The absence of any pre-leak ransom demand created uncertainty about the attackers' motives, as Pysa typically extorts victims before publishing data. No evidence suggested the municipality received or ignored ransom communications prior to the data dump. The leaked information's predominantly public nature reduced potential privacy impacts but indicated attackers had accessed municipal networks and exfiltrated data. System recovery timelines and specific containment measures were not detailed in public statements. Pysa maintained the attack listing on their leak site without further updates regarding additional demands or data releases at the time of reporting.
