Swiss federal authorities are grappling with a significant cybersecurity incident following a successful ransomware attack on Radix organization, which resulted in the compromise of sensitive data from multiple government agencies. This breach highlights the growing threat to government institutions through attacks targeting their contractors and third-party partners.
Radix Ransomware Attack Details
The Zurich-based nonprofit organization Radix, which specializes in promoting healthy lifestyle initiatives, fell victim to operators from the Sarcoma ransomware group on June 16, 2025. The organization operates eight competency centers that execute various projects commissioned by Switzerland’s federal government, cantonal, and municipal authorities.
The attack followed a classic double extortion ransomware scheme: cybercriminals first exfiltrated data from corporate systems before encrypting it to maximize impact on the victim. When ransom negotiations failed, the hackers published the stolen information on dark web forums on June 29, 2025.
Scale of Data Compromise
The volume of compromised data reached a substantial 1.3 terabytes of information, containing:
• Scanned confidential documents
• Financial data and reports
• Government organization contracts
• Internal communications and correspondence
Switzerland’s National Cyber Security Centre (NCSC) is currently conducting a comprehensive analysis of the breach to determine the complete list of affected government institutions and assess potential damage.
Sarcoma Ransomware Group Profile
The Sarcoma group emerged on the cybercriminal scene relatively recently in October 2024 but quickly established itself as one of the most aggressive ransomware operations. During their first month of activity, Sarcoma claimed 36 companies as victims, demonstrating high operational tempo and effectiveness.
Among Sarcoma’s most notable attacks was the breach of Taiwanese printed circuit board manufacturer Unimicron, confirming the group’s capability to target large industrial enterprises across different sectors.
Post-Incident Security Recommendations
Radix representatives issued personalized notifications to all affected parties and recommend the following precautions in the coming months:
• Maintain heightened vigilance against suspicious communications
• Exercise caution regarding phishing attacks designed to harvest passwords
• Avoid providing banking card details in response to unverified requests
• Update credentials and passwords for mission-critical systems
Emerging Threat Pattern Against Government Contractors
The Radix incident represents the second successful attack on Swiss government contractors in recent years. In 2023, Play ransomware operators compromised IT company Xplain, which provides technological solutions for various government departments and the country’s armed forces. That attack resulted in the leak of 6,500 confidential federal government files.
This pattern underscores the critical importance of ensuring cybersecurity not only within government structures but also among their partners and contractors. Threat actors increasingly employ strategies targeting less-protected third-party organizations to gain access to government data. Swiss authorities must strengthen cybersecurity requirements for contractors and regularly conduct audits of their defensive measures to prevent similar incidents in the future.
The evolving threat landscape demands a comprehensive approach to supply chain security, where government agencies must extend their security perimeter to include all third-party vendors with access to sensitive information. Organizations serving government clients should implement robust cybersecurity frameworks, including regular penetration testing, employee security awareness training, and incident response planning to protect against sophisticated ransomware operations like Sarcoma.
