What cyberattack on President Ruto’s website reveals about Kenya’s digital security
A cyberattack that temporarily took down President William Ruto’s official website has put Kenya’s digital security systems under fresh scrutiny, highlighting both the growing sophistication of cyber threats and the country’s response mechanisms.
The incident, detected on July 18, 2026, saw hackers replace the homepage of the presidential website with a ransom demand seeking five bitcoins, equivalent to about Ksh41.3 million. The attackers threatened to release sensitive information if payment was not made before a set deadline.
The government has since confirmed that no sensitive data was accessed or lost, while investigations into the incident continue.
Growing threat to public digital infrastructure
Cabinet Secretary for Information, Communications and the Digital Economy William Kabogo confirmed that the ICT Authority activated its cybersecurity incident response protocols immediately after detecting the breach.
“Upon detection of the incident, ICT Authority immediately activated established cybersecurity incident response protocols,” Kabogo said in a statement.

Access to the website was temporarily restricted to allow containment, forensic analysis and restoration.
The website currently displays a maintenance notice under the ICT Authority, while government procurement services continue through the Electronic Government Procurement portal.
As of July 19, 2026, the site displays a “MAINTENANCE IN PROGRESS” notice, indicating that the platform is under the ICT Authority and directing users to egpkenya.go.ke for government tender services.
Kabogo maintained that there is no evidence of unauthorised access to sensitive government information, data exfiltration or loss of information. He said government digital services remain secure and operational as technical teams continue forensic investigations to determine the source and nature of the attack.
The attack comes at a time when cybercriminals are increasingly targeting government institutions and critical infrastructure globally, with ransomware and website defacement remaining among the most common forms of attack.
Cyberattacks remain a growing challenge
The latest incident reflects broader trends already documented by Kenyan authorities.
In June 2026, the National Computer and Cybercrime Coordination Committee (NC4) reported that more than three billion cyberattacks targeted government systems, cloud infrastructure and critical digital services within a three-month period.
The report showed Nairobi recorded the highest number of cybercrime cases, including unauthorised access to computer systems, computer fraud, identity theft and cyber harassment.
The committee, chaired by Principal Secretary for Internal Security and National Administration Raymond Omollo, has been working with the banking, telecommunications, aviation and energy sectors to strengthen cybersecurity and improve preparedness.

Among its ongoing initiatives is the development of a Rapid Reference Guide aimed at standardising investigation and prosecution of cybercrime cases across the country.
Separately, the Communications Authority of Kenya also reported billions of cyber threat events during the first quarter of 2026, with attacks targeting system infrastructure accounting for the largest share.
Strengthening national cyber resilience
The cyberattack also comes as Kenya strengthens its institutional response to digital threats.
Parliament recently approved the National Cybersecurity Agency Order, 2026, paving the way for the establishment of an autonomous agency responsible for coordinating national cybersecurity policy, protecting critical information infrastructure and overseeing cyber incident response.
The agency will manage the National Cybersecurity Operations Centre, coordinate threat intelligence, conduct security audits and support capacity building across public institutions.
While the attack on the presidential website demonstrates that even high-profile government platforms remain attractive targets, it also illustrates the country’s established response procedures. Immediate detection, temporary restriction of access, activation of incident response protocols and ongoing forensic investigations form part of Kenya’s standard cybersecurity framework.
While the investigations continue and restoration work progresses, the incident underscores the importance of sustained investment in cybersecurity, continuous monitoring and coordinated response mechanisms to safeguard government digital services against increasingly sophisticated threats.














