Swiss Government Data Stolen in Major Ransomware Attack

Summary
– A ransomware attack on Swiss non-profit Radix led to the theft and dark web leak of sensitive data from Swiss federal offices.
– The Swiss government and National Cyber Security Centre (NCSC) are analyzing the exposed data to assess impact on affected agencies.
– The attack was carried out by the Sarcoma ransomware group, which stole and encrypted Radix’s data after breaching its systems on June 16.
– Sarcoma published 1.3TB of Radix’s data, including financial records and contracts, for free on their dark web portal after failed extortion.
– This follows a similar 2023 breach via third-party provider Xplain, which leaked 65,000 sensitive Swiss government documents.

Swiss authorities have confirmed a significant data breach after hackers infiltrated systems at Radix, a third-party organization working with federal offices. Sensitive government information was stolen and later appeared on dark web forums, prompting an urgent investigation by Switzerland’s National Cyber Security Centre (NCSC). Officials are working to assess the full scope of the incident and identify which agencies may be affected.
Radix, a Zurich-based nonprofit focused on public health initiatives, disclosed that Sarcoma ransomware operators breached its networks on June 16. The attackers exfiltrated data before encrypting systems, a common tactic among cybercriminal groups. By June 29, the stolen files, reportedly spanning 1.3TB, were leaked on Sarcoma’s dark web portal after failed ransom negotiations. The dump allegedly includes financial records, contracts, and internal communications, now freely accessible to malicious actors.
Sarcoma has quickly gained notoriety since emerging in late 2024, with at least 36 victims targeted in its first month of operation. The group often gains access through phishing campaigns, older vulnerabilities, and supply-chain weaknesses. Once inside, it uses Remote Desktop Protocol (RDP) connections to spread laterally before exfiltrating and encrypting data. Its attack on Radix follows a similar pattern, though the organization says it has no evidence that partner data was compromised.
Affected individuals have received personalized alerts, with Radix advising heightened caution against phishing attempts or fraudulent requests for passwords and financial details. This marks Switzerland’s second major third-party breach in just over a year, following the 2023 Play ransomware attack on software provider Xplain, which exposed 65,000 sensitive federal documents.
The NCSC has yet to release further details as its analysis continues. Cybersecurity experts warn that such incidents underscore the risks posed by third-party vendors handling critical government data. Organizations are urged to prioritize patch management, multi-factor authentication, and employee training to mitigate ransomware threats.
The Radix leak now joins a growing list of high-profile breaches attributed to Sarcoma, including an earlier strike against electronics manufacturer Unimicron. With the group’s activity showing no signs of slowing, authorities worldwide are bracing for further disruptions.