The Ingonyama Trust, which manages communal land in KwaZulu-Natal, South Africa, has confirmed an attempted ransomware attack on its IT system.
The attack, attributed to the NightSpire group, was detected on June 2nd, 2025, and is under active investigation.
Speaking to Tech Central, the Trust said it took affected systems offline to prevent further compromise and engaged cybersecurity specialists to assess the breach.
“As soon as we became aware of the incident, we took the affected systems offline to prevent further compromise and engaged an independent specialist cybersecurity company to investigate and strengthen our systems,” said acting CEO Siyadumisa Vilakazi.
What is the extent of the attack?
NightSpire, on June 1, posted on their dark web portal that they had access to the Trust’s systems and exfiltrated 30GB of data.
Ingonyama Trust manages land data covering 2.8 million hectares in KwaZulu-Natal, alongside 250 traditional councils and 5.2 million residents, potentially putting sensitive geographical and personal data at risk.
Was any data confirmed leaked?
No evidence of a data leak has been confirmed. However, the Trust admitted that administrators and user accounts were locked out, and a ransom was demanded as well.
Will affected individuals be informed?
The Trust committed to notifying affected parties transparently and in line with legal obligations if any risks to personal or sensitive data are discovered.
“Should any risks to personal or sensitive information be identified, [the board] commits to promptly and transparently notifying affected parties in line with legal and ethical obligations,” Vilakazi said.
How is the Trust mitigating the attack?
The Trust insists its core IT systems remain stable despite the attempted breach.
Critical system functions were restored using backups, and key communication channels, including phones and email, remained operational.
They also said they’ve engaged cybersecurity specialists to mitigate the attack.
Who is NightSpire?
NightSpire is a ransomware group driven by monetary gains. They use double extortion to steal and encrypt sensitive data.
Double extortion is when attackers steal data and encrypt it, then threaten to leak it unless a ransom is paid.
In Africa, NightSpire has targeted government agencies and private organizations, including an attack on Egypt’s Future Microfinance Association in April 2025. The attack compromised 8 gigabytes of data.
About Author
