The official State House President website, president.go.ke, was hacked early this morning, with its homepage replaced by a ransom message directed at President William Ruto.
Journalists at Kenyans.co.ke were the first to notice the defacement and report it.
The altered homepage carried accusations against the president along with a cryptocurrency wallet address and a demand for payment. The attackers asked for 5 bitcoins and warned they would leak unnamed information about Ruto if the money wasn’t sent by 6 PM this evening.
Based on today’s exchange rate, with one bitcoin trading around KES 8.27 million, the demand worked out to roughly KES 41 million.
The message also claimed this was the third warning sent, though no earlier public notice of such threats had surfaced. Alongside the ransom text, the hackers changed the site’s banner to reference three individuals, even as the State House branding stayed visible in the background.
State House confirmed the breach once contacted and said its ICT team was handling the situation. Shortly after the story broke, the website was taken offline, and it remained inaccessible to the public for hours afterward. Anyone trying to visit the page was met with an error instead.
ICT Cabinet Secretary William Kabogo addressed the incident in a statement later today, saying the ICT Authority had triggered its standard cybersecurity response procedures as soon as the breach was detected.
He said the website was pulled down deliberately so investigators could carry out forensic checks and begin restoring the system safely.
Kabogo was firm that no sensitive government data appeared to have been touched. He said there was no sign that anyone had accessed protected information, copied it, or removed it from government systems, adding that other digital services run by the state were still functioning normally.
He also posted on X that the agencies responsible for protecting government websites were actively dealing with the matter.
By the time of these statements, officials had not said who was behind the attack or how the hackers managed to get in.
The ICT Authority said it was working with other government bodies and outside technical experts to figure out exactly what happened and how deep the breach went, including whether it reached beyond the homepage into the site’s back-end systems.
This is not the first time government websites in Kenya have come under attack. In November 2025, a wider cyberattack hit multiple ministry websites at once, including those belonging to Health, Education, Labor, Environment, ICT, Tourism, Interior, and State House.
That attack left several portals defaced or completely inaccessible, with some pages showing extremist content instead of official information. The Ministry of Defence and the National Treasury were among the few institutions that escaped that particular incident untouched.
At the time of writing, investigations into the latest breach were still ongoing, and the government had not given a timeline for when president.go.ke would be fully restored.




























