AjiNovaAjiNova
Cybersecurity

Hackers Just Defaced President Ruto's Website and Demanded Ksh 41 Million in Bitcoin

Kenya's presidential website, president.go.ke, was defaced on Saturday July 18, 2026, after hackers replaced the homepage with messages targeting President William Ruto and demanded five bitcoins — worth roughly Ksh 41 million — threatening to release unspecified information unless paid by 6pm. This is the second time in less than a year that State House's online presence has been compromised.

A
AjiNova
5 min read
Hackers Just Defaced President Ruto's Website and Demanded Ksh 41 Million in Bitcoin
Photo: Photo by Kevin Horvat on Unsplash

Kenya woke up on Saturday to news that the official website of the presidency had been hijacked.

Visitors attempting to access president.go.ke on July 18, 2026, were met with a defaced homepage carrying inflammatory messages directed at President William Ruto. Alongside the political messaging, the attackers embedded a cryptocurrency wallet address and issued a stark ultimatum: pay five bitcoins by 6pm or face the public release of unspecified information.

Based on the day's exchange rate, five bitcoins translated to roughly Ksh 41.3 million, with each bitcoin trading at approximately Ksh 8.27 million.

The message on the defaced site read in part: "This message is the third time for you; before we leak everything about you. Do a payment of 5 bitcoins... If you want peace before 6 o'clock this evening."

The government's response

Information, Communications and the Digital Economy Cabinet Secretary William Kabogo moved quickly to acknowledge what he carefully described as an "incident" rather than a hack. In a statement posted on social media, Kabogo said the ICT Authority had detected the attack and immediately activated its cybersecurity incident response protocols.

"Access to the Presidential website was temporarily restricted to facilitate containment, forensic analysis and restoration efforts," he said, adding that there was "no evidence" that sensitive government data had been accessed or stolen.

State House confirmed it was aware of the situation and that its technical team was handling the matter. No suspects have been publicly identified, and the government had not given a restoration timeline at the time of writing.


Not the first time

This attack is the second major breach of the presidential website in under twelve months. In November 2025, a coordinated cyberattack disrupted multiple government platforms simultaneously, including State House, and the ministries of Interior, Health, Education, ICT, Labour, and Tourism. During that incident, defaced pages displayed ideological messages including references to white nationalist slogans. A group identifying itself as PCP@Kenya was accused by Interior PS Raymond Omollo of being behind that attack.

Platforms including eCitizen, NTSA, the Judiciary, the Kenya National Examinations Council, and the National Police Service were unaffected in that November incident. The Ministry of Defence and the National Treasury similarly escaped disruption.

Kenya's growing digital exposure

The timing of these recurring attacks is not coincidental. Kenya has been one of Africa's most aggressive adopters of digital government services, funnelling thousands of public services through online platforms like eCitizen. That ambition has made the country both a model for African digital transformation and a high-value target for cybercriminals.

The Communications Authority of Kenya reported that the National Kenya Computer Incident Response Team detected 3.37 billion cyber threat events in the first quarter of 2026 alone. While that figure declined slightly compared to previous quarters, the sheer scale of probing against Kenya's digital infrastructure illustrates the problem clearly.

In May 2026, the Kenya National Highways Authority was paralysed by a sophisticated ransomware attack. In 2023, the hacking group Anonymous Sudan brought eCitizen to its knees with distributed denial of service attacks, disrupting passport applications, e-visas, driving licences, and M-Pesa payments simultaneously.

Kenya's answer: a new agency

President Ruto responded to the pattern of attacks by signing the National Cybersecurity Agency Order in May 2026, establishing an autonomous regulatory body with a mandate to coordinate national cybersecurity efforts across government and the private sector. Parliament approved the agency in June.

The new National Cybersecurity Agency has been allocated Ksh 4 billion to operationalise its mandate, which includes managing a National Cybersecurity Operations Centre, conducting audits of critical infrastructure, and enforcing compliance across both public and private sector digital networks. Its board brings together representatives from the National Treasury, ICT Ministry, Attorney General's Office, Kenya Defence Forces, the National Intelligence Service, and the private sector.

Whether that agency will be operational in time to prevent the next attack is the question Kenyans are now asking.

What this means for everyday Kenyans

For ordinary citizens, the most immediate concern is not the ransom demand itself but what the recurring vulnerability of government websites signals about the broader security of their personal data held on platforms like eCitizen.

Every Kenyan who has applied for a passport, renewed a driving licence, or registered a business online has submitted sensitive personal information to government digital systems. While authorities have repeatedly assured the public that no citizen data was compromised in these incidents, the pattern of breaches erodes that confidence with each new attack.

For businesses, the picture is similarly concerning. A cyber incident affecting government platforms can cascade into payment disruptions, service delays, and reputational damage for Kenya's digital economy at a time when the country is positioning itself as a technology hub for the continent.

The ransom was not paid according to government sources. The deadline passed. Whatever the hackers threatened to release has not surfaced publicly. But the website remains a symbol of a vulnerability that Kenya's growing digital ambitions cannot afford to keep ignoring.

Tags:Kenya cybersecuritypresident.go.ke hackedWilliam Rutocyberattack Kenyabitcoin ransom KenyaICT Authority KenyaNational Cybersecurity AgencyKenya tech newsgovernment hack Kenya
Article Info
AuthorAjiNova
Read time5 min
CategoryCybersecurity
A
AjiNova
Published by the AjiNova editorial team. Covering technology, startups, AI, software engineering, and emerging innovation.

Need help building software?

Talk to the AjiNova team about web applications, mobile platforms, AI integrations, and cloud solutions.

Start a ProjectMore Articles
Keep Reading
Chat with us