In recent years, Switzerland has experienced an increase in ransomware attacks affecting both public institutions and private companies. These attacks have led to significant financial losses, disrupted critical infrastructure, and compromised sensitive data.
Targets of the Attacks and Known Incidents
The attackers have increasingly focused on lucrative and critical targets, including:
- Media Companies:
  - Neue Zürcher Zeitung (NZZ): On March 24, 2023, NZZ fell victim to a ransomware attack by the hacker group “Play.” Confidential data was stolen and encrypted. Since no ransom was paid, the attackers later published sensitive employee data on the dark web.
  - CH Media: Also on March 24, 2023, CH Media, which receives IT services from NZZ, was targeted in a similar attack. Data was stolen and later published on the dark web.
- Public Administrations:
  - Municipality of Saxon (Valais): On January 22, 2023, the guardianship authority of the municipality of Saxon was the victim of a cyberattack. Data was stolen and disseminated on the dark web.
- Educational Institutions:
  - Various Schools and Universities: In September 2022, the Cybersecurity and Infrastructure Security Agency (CISA) warned of increased attacks by the hacker group “Vice Society” on educational institutions in Switzerland and Germany. This group uses known ransomware toolkits such as “Hello Kitty” and “Zeppelin.”
- Healthcare Sector:
  - Publicare: At the end of November 2022, Publicare, a Swiss healthcare service provider, was targeted in a ransomware attack. Data was stolen and published.
Perpetrators Behind the Attacks
Several hacker groups are responsible for the recent ransomware attacks in Switzerland:
- Play (also Play Ransomware or PlayCrypt): This group emerged in 2022 and has attacked targets in the USA, Brazil, Argentina, Germany, Belgium, and Switzerland. They use the “.play” file extension for encrypted data and leave messages containing the word “PLAY” and an email address.
- Vice Society: A hacker group responsible for ransomware attacks on healthcare and educational institutions. They utilize known ransomware toolkits like “Hello Kitty” and “Zeppelin” and have targeted entities in both Europe and the USA.
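The two Play indicators described above (the “.play” extension on encrypted files and a message containing the word “PLAY” and an email address) can be combined into a triage sweep of a file share. The Python script below is an added example, not code from the original article; the note-size limit, the function names and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators from the description above; the size limit is an assumption.
ENCRYPTED_SUFFIX = ".play"
NOTE_WORD = re.compile(r"\bPLAY\b")  # case-sensitive, whole word only
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_NOTE_BYTES = 4096  # assumption: ransom notes are short text files

def scan_tree(root):
    """Return (encrypted_files, candidate_notes) found under root."""
    encrypted, notes = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        if path.suffix.lower() == ENCRYPTED_SUFFIX:
            encrypted.append(path)
            continue
        try:
            if path.stat().st_size > MAX_NOTE_BYTES:
                continue
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        if NOTE_WORD.search(text) and EMAIL.search(text):
            notes.append(path)
    return encrypted, notes

def affected_directories(encrypted, notes):
    """Directories holding both renamed files and a note: highest-confidence hits."""
    return sorted({p.parent for p in encrypted} & {p.parent for p in notes})

def build_sample_tree():
    """Constructed sample data, not taken from a real incident."""
    root = Path(tempfile.mkdtemp(prefix="play_triage_"))
    (root / "finance").mkdir()
    (root / "hr").mkdir()
    (root / "finance" / "budget.xlsx.play").write_bytes(b"\x00" * 32)
    (root / "finance" / "ReadMe.txt").write_text("PLAY\ncontact: someone@example.com\n")
    # Benign file: contains "play" inside another word plus an email address.
    (root / "hr" / "playbook.txt").write_text("Display rota, mail hr@example.com\n")
    return root

if __name__ == "__main__":
    enc, notes = scan_tree(build_sample_tree())
    print(len(enc), "encrypted;", len(notes), "notes;", affected_directories(enc, notes))
```

Requiring both indicators in the same directory keeps benign files that merely mention “play” or contain an email address out of the high-confidence list.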
Damages Caused by Ransomware Attacks
The damages resulting from ransomware attacks are multifaceted and include:
- Financial Losses: Companies and institutions incur costs due to operational disruptions, data and system recovery, and potential ransom payments.
- Reputational Damage: The loss or publication of sensitive data can significantly undermine the trust of customers and partners.
- Operational Disruptions: The encryption of data and systems can severely disrupt or completely halt the operations of organizations.
Potential Countermeasures
To protect against ransomware attacks, companies and institutions should implement the following measures:
- Regular Backups: Regularly create and securely store backups of important data to ensure access to current data in the event of an attack.
- Employee Training: Educate employees about phishing and other social engineering techniques to minimize the risk of successful attacks.
- System Updates: Keep operating systems and software up to date to close known security gaps.
- Network Segmentation: Divide your network into different segments to prevent the spread of malware in the event of an attack.
- Incident Response Plan: Develop an emergency plan for dealing with security incidents to enable quick and effective responses in critical situations.
The threat posed by ransomware is real and continues to grow in Switzerland. However, through proactive measures and increased security awareness, organizations can minimize the risk and strengthen their resilience against such attacks.