Source: www.fortra.com – Author: Graham Cluley
The Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information stolen from its systems and leaked onto the dark web.
Radix a non-profit health foundation, works with various federal administrations across Switzerland in areas such as promoting good nutrition, healthy exercise, and helping individuals deal with addiction, and mental and sexual health issues.
According to a statement issued by Radix, the organisation suffered a cyber attack on June 16 “despite its high security standards.”
Radix explained that the Sarcoma ransomware group had susequently published the stolen data on its dark web leak site on June 29 2025.
Sure enough, if you visit Sarcoma’s leak site you will find Radix listed amongst its recent victims, and a free-to-download link to what appears to be a 1.3TB worth of scanned documents, contracts, communications, and financial documents.
Who is the Sarcoma ransomware group?
Sarcoma is a relatively new ransomware group, having first emerged last year, and quickly claiming a number of high profile victims including Taiwanese printed circuit board (PCB) manufacturer Unimicron and print group TMA.
According to a Bleeping Computer report, Sarcoma typically breaks into organisations through targeted phishing emails, the exploitation of old vulnerabilities, and supply-chain attacks. Once within the organisation, they will take advantage of RDP connections to move laterally, discovering more systems to compromise and data files to exfiltrate and ultimately encrypt.
Data files encrypted by Sarcoma are easily identifiable by the ransomware changing their names to have a .sarcoma extension.
Radix says that it revoked access to the sensitive data as soon as the attack was discovered, and that it will be restoring encrypted data from backups.
It makes a point of saying that it has informed indviduals impacted by the breach and says that presently it does not believed that sensitive data from partner organisations has been included in the malicious hackers’ haul.
For its part, the Swiss government says that it is currently investigating “the specific units and data affected by the attack”, and that “as Radix has no direct access to Federal Administration systems, the attackers did not gain entry to these systems at any time.”
The fact that the Sarcoma group has decided to leak the stolen data suggests that no ransom has been paid to the criminals.
Radix is advising individuals to remain vigilant over the coming months, as cybercriminals may attempt to exploit the leaked information to conduct phishing attacks, identity theft, and other forms of attack.
But there are lessons here for organisations too. And one of them is that vendor risk assessments matter. You should not just audit your business’s own security, but also scrutinise the security practices of your suppliers too. Ask them what they are doing to ensure that their defences are hardened as much as possible to prevent the possibility of an attack.
And, don’t forget that incident response plans must also include your suppliers. If a partner is hit, as in the case with this attack against Radix, your organisation must be prepared to act quickly and communicate clearly to all of those who may be impacted.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Fortra.
Original Post URL: https://www.fortra.com/blog/government-attackers-stolen-sensitive-data-ransomware-attack
Category & Tags: Data loss,Guest blog,Malware,Ransomware,data breach,ransomware,Switzerland – Data loss,Guest blog,Malware,Ransomware,data breach,ransomware,Switzerland
Views: 4
