Source: www.infosecurity-magazine.com
Government data from the Swiss Federation has been exposed on the dark web following a cyber-attack targeting Radix, a Swiss health foundation.
On June 30, the Zurich-based nonprofit released a statement in German saying that it had been hit by a ransomware attack on June 16 and that the culprit, the Sarcoma ransomware group, published the stolen data on its leak page on June 29.
The organization explained that it revoked access to the affected data after detecting the attack and that it retains all data intact in backups.
Although the intrusion method remains unknown, Radix has partnered with the Swiss Federal Office for Cybersecurity to investigate the attack.
It has also contacted the Federal Data Protection and Information Commissioner (FDPIC), the Data Protection Officer of the Canton of Zurich and the Zurich City Police.
“Affected individuals have been notified personally if particularly sensitive personal data may have been involved. Based on the current state of knowledge, there is no indication that sensitive data of partner organizations was affected,” said the message.
Swiss Government Data Likely Compromised
However, that last claim was quickly challenged by the Swiss government itself. In a public statement also published on June 30, the Swiss Federation acknowledged that Radix’s customers include various federal offices. Therefore, government data is likely to have been compromised.
“Investigations are currently underway to determine the specific units and data affected by the attack. As Radix has no direct access to Federal Administration systems, the attackers did not gain entry to these systems at any time,” said the Swiss government message.
In a June 24 statement, the Swiss Federal Office of Public Health made it clear that Radix’s anonymous counseling services, SafeZone and StopSmoking, were unaffected by the attack, as they run on infrastructure separate from the nonprofit’s main network.
In its advisory, Radix recommended that individuals remain especially vigilant against possible phishing attacks over the next few months, as impersonators may attempt to deceive them by masquerading as legitimate senders, such as banks, authorities, or colleagues, to obtain passwords, credit card numbers, or access credentials.
Lee Driver, VP of managed security services at Ekco, highlighted that the incident is “yet another reminder” of the ripple effect a cyber-attack can have.
“With data already appearing on the dark web, we’re likely to see further implications as investigators identify which departments and datasets were affected. This kind of breach reinforces the importance of comprehensive attack surface management, not just point-in-time assessments, but continuous visibility into how suppliers store, process, and protect information,” he added.
Background on the Sarcoma Ransomware Group
Sarcoma is a ransomware group that was first discovered in late 2024. According to the ransomware tracking website Ransomware.live, the group has claimed 116 victims so far, including 21 in the US, 12 in Italy and 11 in Canada.
Andrew Costis, engineering manager of the Adversary Research Team at AttackIQ, commented: “Sarcoma is known for implementing double extortion tactics, where members are pressured into paying ransoms to avoid information being leaked.”
The group claimed responsibility for a February cyber-attack against Unimicron, a printed circuit board manufacturer in Taiwan.
Sarcoma’s top targeted industry is manufacturing, with 21 claimed victims, followed by 11 business services victims.
Original Post URL: https://www.infosecurity-magazine.com/news/ransomware-radix-swiss-government/