Swiss Government Data Exposed in Radix Ransomware Attack by Sarcoma Group

CyberSecureFox 🦊

Swiss federal authorities are grappling with a significant cybersecurity incident following a successful ransomware attack on Radix organization, which resulted in the compromise of sensitive data from multiple government agencies. This breach highlights the growing threat to government institutions through attacks targeting their contractors and third-party partners.

Radix Ransomware Attack Details

The Zurich-based nonprofit organization Radix, which specializes in promoting healthy lifestyle initiatives, fell victim to operators from the Sarcoma ransomware group on June 16, 2025. The organization operates eight competency centers that execute various projects commissioned by Switzerland’s federal government, cantonal, and municipal authorities.

The attack followed a classic double extortion ransomware scheme: cybercriminals first exfiltrated data from corporate systems before encrypting it to maximize impact on the victim. When ransom negotiations failed, the hackers published the stolen information on dark web forums on June 29, 2025.

Scale of Data Compromise

The volume of compromised data reached a substantial 1.3 terabytes of information, containing:

• Scanned confidential documents
• Financial data and reports
• Government organization contracts
• Internal communications and correspondence

Switzerland’s National Cyber Security Centre (NCSC) is currently conducting a comprehensive analysis of the breach to determine the complete list of affected government institutions and assess potential damage.

Sarcoma Ransomware Group Profile

The Sarcoma group emerged on the cybercriminal scene relatively recently in October 2024 but quickly established itself as one of the most aggressive ransomware operations. During their first month of activity, Sarcoma claimed 36 companies as victims, demonstrating high operational tempo and effectiveness.

Among Sarcoma’s most notable attacks was the breach of Taiwanese printed circuit board manufacturer Unimicron, confirming the group’s capability to target large industrial enterprises across different sectors.

Post-Incident Security Recommendations

Radix representatives issued personalized notifications to all affected parties and recommend the following precautions in the coming months:

• Maintain heightened vigilance against suspicious communications
• Exercise caution regarding phishing attacks designed to harvest passwords
• Avoid providing banking card details in response to unverified requests
• Update credentials and passwords for mission-critical systems

Emerging Threat Pattern Against Government Contractors

The Radix incident represents the second successful attack on Swiss government contractors in recent years. In 2023, Play ransomware operators compromised IT company Xplain, which provides technological solutions for various government departments and the country’s armed forces. That attack resulted in the leak of 6,500 confidential federal government files.

This pattern underscores the critical importance of ensuring cybersecurity not only within government structures but also among their partners and contractors. Threat actors increasingly employ strategies targeting less-protected third-party organizations to gain access to government data. Swiss authorities must strengthen cybersecurity requirements for contractors and regularly conduct audits of their defensive measures to prevent similar incidents in the future.

The evolving threat landscape demands a comprehensive approach to supply chain security, where government agencies must extend their security perimeter to include all third-party vendors with access to sensitive information. Organizations serving government clients should implement robust cybersecurity frameworks, including regular penetration testing, employee security awareness training, and incident response planning to protect against sophisticated ransomware operations like Sarcoma.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.