Kenya's Presidential Website Hacked, Attackers Demand KSh 41 Million Ransom in Bitcoin

In November 2025, Kenya experienced a coordinated cyberattack that defaced websites belonging to multiple ministries and state agencies—including Health, Education, Labour, Environment, ICT, Tourism and Interior—disrupting public services across the government.
The defaced president.go.ke homepage displayed a banner referencing three individuals, with State House branding only faintly visible in the background.
Attackers embedded a live cryptocurrency wallet address on the defaced page to receive the ransom of five Bitcoins, reported as part of the incident.
ICT Authority detected the breach and activated its cybersecurity response protocols, with access to president.go.ke temporarily restricted to facilitate containment, forensic analysis and restoration.
Hackers broke into Kenya's presidential website, president.go.ke, on July 18, 2026, defacing the homepage and demanding five Bitcoins — worth about KSh 41.3 million — before a 6:00 p.m. deadline, according to People Daily and Radio 47. The attackers displayed a live cryptocurrency wallet address directly on the site, making the ransom demand visible to anyone who visited.
The Ministry of Information, Communications and the Digital Economy confirmed the breach, Radio 47 reported. Authorities temporarily blocked access to the site while security teams worked to contain the damage, run forensic checks, and restore the page.
The attackers replaced the presidential website's homepage with a banner that named President William Ruto and two other individuals, according to Dawan Africa. State House branding was barely visible in the background. The message was a direct, public challenge to the Kenyan head of state.
A cryptocurrency wallet address was embedded on the defaced page so anyone could send Bitcoin directly to the attackers, People Daily reported. The hackers threatened to keep the site down unless the KSh 41.3 million ransom was paid by their deadline.
Kenya's ICT Authority detected the intrusion and activated its cybersecurity response protocols, Radio 47 reported. The agency temporarily restricted access to president.go.ke to stop further damage. Forensic teams were brought in to analyze how the attackers got in and what, if anything, they took.
State House and government ministries said there is no evidence that sensitive data was stolen, according to People Daily. Still, the breach exposed a clear gap in the security of one of Kenya's most visible public websites. Investigations are ongoing, and no suspects have been named.
This is not Kenya's first major cyberattack. In November 2025, a coordinated assault defaced websites belonging to at least seven ministries — including Health, Education, Labour, Environment, ICT, Tourism, and Interior — disrupting public services across the government, Dawan Africa reported.
That wave of attacks showed that Kenyan government digital infrastructure remains a persistent target. The latest breach, hitting the president's own website, raises fresh questions about whether enough has been done to harden state portals since last year's assault.
Demanding payment in Bitcoin is a common ransomware tactic. Cryptocurrency is hard to trace and easy to move across borders. The five-Bitcoin demand — roughly KSh 41.3 million at current rates — is a significant sum, and there is no public indication the government plans to pay, Radio 47 reported.
Cybersecurity experts generally warn governments against paying ransoms, as it encourages more attacks. Kenya has not said publicly whether the deadline passed without payment or whether the site was fully restored. Investigators have not yet identified who is behind the attack, according to People Daily.
Publishers
13
Articles
4
Reach
17