Ransomware victim disclosure
← All victimsMinistry of Health Rwanda
listed as moh.gov.rw · Claimed by Babuk2 · listed 1 year ago
Status timeline
- ListedMar 31, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk2
- Status
- Data leaked
- Country
- Rwanda
- Sector
- Public Sector
- Listed on leak site
- Mar 31, 2025
About the victim
AI dossier — public-source company profileThe Ministry of Health (MoH) of Rwanda is the government department responsible for health policy, disease surveillance, immunization programs, and public health initiatives across Rwanda. The ministry oversees national health workforce reform, maternal health, malaria control, HIV/AIDS treatment, and emergency disease response including Ebola and Marburg outbreak monitoring.
- Industry
- Public Health Administration
- Address
- RURA Building, Kiyovu (Péage), Nyarugenge District, Kigali, Rwanda
Attack summary
Severity: critical — Attack on a national health ministry represents critical infrastructure compromise. Even without explicit proof of data exfiltration, access to health surveillance systems, patient data, disease outbreak information, and government health infrastructure poses severe public health and national security risk.Babuk2 ransomware group claims to have attacked moh.gov.rw (Rwanda's Ministry of Health). The leak post contains minimal detail; no specific claims about encryption, exfiltration, or data types are stated in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Government health records
- Public health surveillance data
- Ministry administrative systems
What the group claims
moh.gov.rw
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

