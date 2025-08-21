Netstar, the vehicle tracking company owned by JSE-listed Altron, has confirmed that it suffered a ransomware attack earlier this year.

This comes after a group called INC Ransom claimed responsibility for the attack and published a cache of data on its dark web leak site, stating that they had exfiltrated 505GB of data.

Examining a sample of the files uploaded suggests that the attackers stole documents exposing the private information of some customers, as well as data such as administrative passwords, invoices, and source code.

“The cybersecurity incident reported in the media on 21 August 2025 relates to an incident that occurred on 23 June 2025,” Netstar stated.

“On this day, Netstar experienced a cybersecurity incident that temporarily impacted some of its operations.”

Netstar revealed that a small subset of on-premise servers were encrypted, but said it was well prepared and able to respond immediately.

“Netstar’s internal teams, supported by external cybersecurity experts, swiftly contained the incident and restored core operations,” it said

“The investigation into the June incident revealed no evidence that customer data was accessed or removed from Netstar systems.”

Netstar said it reported the incident to the Information Regulator at the time and notified affected parties.

“Netstar was not prepared to engage with the criminal actor group called INC Ransom, and therefore, data allegedly from Netstar was published on a site with limited access late yesterday,” it said.

According to a hit counter on INC Ransom’s website, the Netstar leak had been viewed 399 times by noon on Thursday, 21 August.

Netstar said it was aware of INC Ransom’s claims that it had stolen data from its system and was busy investigating in collaboration with leading third-party forensic experts.

“Should new facts emerge, affected parties will be notified and the regulator will be updated without delay,” Netstar assured.

Netstar said that, as part of its commitment to continually enhance its cyber resilience, it had implemented additional safeguards to further strengthen the security of its network, systems, and data.

“The security and reliability of Netstar’s services remain the company’s highest priority,” it said.

Netstar is one of South Africa’s largest vehicle tracking companies. In its latest annual results, Altron reported that Netstar’s subscriber base increased 16% year-over-year to surpass two million users.

Altron reported that Netstar processed over 226 billion data points between 1 March 2024 and 28 February 2025, and has scaled its fleet to over 33,000 assets globally. It also reported EBITDA of R935 million.

The attackers: INC Ransom

According to cybersecurity firm Check Point, INC Ransom first emerged in July 2023 and had publicly announced the successful infiltration of 12 victims by September of that year.

INC Ransom targets vulnerabilities in business services or uses a series of spear-phishing campaigns to compromise user credentials.

Once threat actors have access to a company’s systems, they use the compromised accounts to perform several forms of system scanning.

They will search for other vulnerabilities in the ecosystem, scanning networks, domains, and other connected network devices.

Using compromised accounts, the group will inspect documents, images, and the contents of folders to ensure there is valuable data in the system.

INC Ransom then extracts other available login credentials and accesses multiple company systems, networks, and accounts.

Once they have access to numerous devices and systems in a business, the group deploys payloads that install ransomware onto these endpoints.

The ransomware will encrypt documents and bar company access. Check Point warned that INC Ransom will also use automation to rapidly take over enterprise-scale data systems.

It noted that the group tends to target larger, multinational companies in high-value data industries, including the financial, healthcare, and technology sectors.

INC Ransom rarely targets companies like Netstar, as most of its victims are enterprises in North America, Europe, and, to a lesser extent, Australia.

Professional services, manufacturing, construction, and healthcare are its leading industries in terms of the number of victims.