Côte d'Ivoire, a country with one of the fastest-growing digital economies in West Africa, is facing increasing threats in cyberspace.

On the night of February 8, 2026, hackers attacked the information systems of the national airline Air Côte d'Ivoire. It is one of the country’s largest companies and the main national carrier, with Air France-KLM among its shareholders.

The attack, which resulted in data theft and system disruption, was quickly contained, but the consequences were serious. Responsibility was claimed by the international ransomware group INC Ransom, known for high-profile attacks on government institutions in the United States, Panama, and Hungary.

The scale of the breach is significant: the attackers claim they stole 208 GB of confidential company data, including:

• Personal data of passengers and employees
• Commercial information
• Partner documents

The hackers demanded a ransom (the amount has not been disclosed) and set a deadline for February 24. The airline has not commented on whether negotiations are taking place but confirmed the data breach and notified the French National Cybersecurity Agency (ANSSI) and Côte d’Ivoire’s Telecommunications Regulatory Authority (ARTCI).

Company representatives stated that an investigation involving international specialists is ongoing, and the airline must assess the real scale of the damage to its reputation and customers.

This incident confirms a worrying trend: high stakes - passenger safety, reputation, operational continuity combined with large data repositories make regional airlines an ideal target for ransomware groups.

Simultaneous Warning for the Financial Sector

Almost simultaneously with the airline attack, the national cybersecurity agency ANSSI-CI, through its monitoring and response center CI-CERT, issued an urgent warning about a threat to the financial sector from a new generation of malware called Rhadamanthys.

ANSSI-CI classified the threat as critical, reporting that the malware had been detected in the information systems of several organizations, particularly in some financial institutions in the country.

Rhadamanthys is advanced malware targeting Windows operating systems. Its purpose is to secretly steal important data: logins and passwords, bank card details, cryptocurrency wallet data, browser session data to bypass two-factor authentication.

The malware spreads through fake software updates, pirated programs, fraudulent advertisements and phishing emails (learn how to protect against phishing using DLP at link)

In the financial sector, the consequences of such attacks can be catastrophic – from direct theft of funds to large-scale fraud and leaks of customer data. Experts warn that infected machines can be used as a foothold for further attacks within banking infrastructure.

ANSSI urges banks, financial institutions, and all users to remain extremely vigilant and immediately implement protective measures, including strict update policies, proper user access management, the deployment of security solutions to monitor suspicious network activity, employee training, and mandatory reporting of any incidents to CI-CERT.

A Turning Point for Cybersecurity in the Country

The cyberattack on Air Côte d'Ivoire and the growing threats to the financial sector highlight the need to prioritize cybersecurity at all levels: improving digital literacy, investing in protection, and implementing advanced security systems. Attackers see Côte d'Ivoire as a vulnerable target, where cybersecurity protections lag behind the pace of digitalization.

The attack on the airline was a clear warning: protecting critical infrastructure requires fundamentally different levels of investment. The presence of Rhadamanthys in the banking sector shows that attackers may already be inside the perimeter, methodically extracting data while businesses continue to underinvest in security.

For Côte d'Ivoire, this moment may become a turning point. Active regulators, open dialogue, and rapid incident response could create the foundation for systemic changes.

Companies and the public sector face not only a challenge but also an opportunity to reconsider their priorities, rethink their approach to information security, and build comprehensive digital protection.

The wave of data leaks and attacks will continue to grow, and the key question is whether cybersecurity will be viewed not as an expense, but as a critical investment in business and economic resilience.

Companies that want to move beyond simply reacting to incidents and instead build systematic protection should consider next-generation DLP systems as the foundation of digital immunity – enabling control over data transfers, monitoring employee actions, and preventing leaks at early stages.