
Senegal’s General Directorate of Taxes and Property (DGID) restored full access to its website on Friday, October 3, following a temporary shutdown caused by a computer intrusion.
Authorities confirmed that the situation is under control, with alternative measures ensuring taxpayers could complete transactions in person.
The emerging cybercriminal group Black Shrantac is suspected of orchestrating the attack.
Initial reports suggested a ransom demand of $10 million, but investigations indicate the actual amount sought was around $250,000 (approximately 140 million FCFA).
DGID emphasized that a service continuity plan had been implemented, allowing users to carry out essential transactions at physical counters with secure receipts.
According to the cybersecurity monitoring service SaxX, Black Shrantac has been under surveillance since late August.
The group’s methods typically involve data exfiltration, partial uploads of stolen information as proof, and a dual approach combining ransom demands with the sale of data to third parties. So far, the group has claimed responsibility for a limited number of operations in India and Turkey.
The hackers assert they obtained up to 1TB of sensitive DGID data, including tax returns, business and personal files, technical network details, HR records such as passports and social security numbers, and legal and executive documents. However, public analyses on the dark web suggest that the actual data available may be less sensitive than initially reported.
This incident occurs amid a wider surge in digital threats across Africa. At GITEX Africa 2025, cybersecurity firm Kaspersky highlighted a 14% rise in spyware attacks and a 26% increase in malware aimed at stealing passwords.
In 2024, the continent experienced over 131.5 million web-based threats, disproportionately affecting businesses and public institutions. Experts advise organizations to strengthen endpoint security, restrict unsecured remote access, regularly back up sensitive information, and adopt robust authentication protocols.
The DGID reassured the public that preventive measures have been reinforced and that the continuity plan is designed to minimise disruption. As of October 3, the DGID’s online services are once again fully operational, signalling a swift recovery from the cyberattack.