Netstar, a South African vehicle tracking company, has confirmed that it suffered a ransomware attack earlier this year, following claims made by the INC Ransom group.
Threat intelligence company Hack Manac first reported on 20 August 2025 that INC Ransom had claimed responsibility for breaching Netstar’s systems and allegedly exfiltrating 505GB of sensitive data.
The following day, South African technology news outlet MyBroadBand published a detailed report after directly engaging with Netstar, revealing that the attack occurred on 23 June 2025.
According to MyBroadBand, INC Ransom uploaded a cache of documents on its dark web leak site, claiming they contained administrative passwords, invoices, source code, and private customer information.
As of noon on 21 August, the group’s hit counter indicated the data had been viewed 399 times.
Netstar comments on the hack
Netstar confirmed that a “small subset of on-premise servers” had been encrypted during the attack, temporarily affecting some of its operations.
“Netstar’s internal teams, supported by external cybersecurity experts, swiftly contained the incident and restored core operations,” the company said.
Netstar, however, disputed claims of large-scale data theft. “The investigation into the June incident revealed no evidence that customer data was accessed or removed from Netstar systems,” it said.
Netstar also confirmed that it reported the incident to South Africa’s Information Regulator at the time and notified affected parties.
Regarding the leaked data now circulating on INC Ransom’s site, Netstar said it was not prepared to negotiate with the criminal group and is working with third-party forensic experts to determine the authenticity of the files. “Should new facts emerge, affected parties will be notified and the regulator will be updated without delay,” the company assured.
This attack highlights the persistent threat ransomware groups pose to critical infrastructure and data-heavy industries in South Africa.
INC Ransom’s approach aligns with the “double extortion” model, where attackers both encrypt data and threaten to publish it to pressure victims into paying.
The company stated it has implemented additional safeguards following the attack to enhance its cyber resilience. “The security and reliability of Netstar’s services remain the company’s highest priority,” it said.
Also read:
- South Africa Ranks Second Globally for Exposed Healthcare Devices
- South African Media Giant SABC Suffers Business Email Compromise
- Microsoft SharePoint Flaw Hits Organizations in South Africa and Mauritius
About Author
