Radix Ransomware Attack: Confidential Swiss Government Data Leaked on the Dark Web

Radix Ransomware Attack: Confidential Swiss Government Data Leaked on the Dark Web

Date of incident: June 2025

The Confirmed Breach

The Swiss government has confirmed that confidential data from multiple federal offices was stolen following a ransomware attack on Radix, one of its external IT providers. The attack was carried out by Sarcoma, an emerging ransomware group that has recently intensified operations across Europe.

Incident Details

  • Initial infiltration: June 16, 2025.
  • The attackers gained access to Radix’s systems, exfiltrated sensitive information, and only then deployed encryption.
  • Leak: On June 29, the group released a 1.3 TB archive on the dark web containing scanned documents, financial records, contracts, and communications.
  • Radix is currently working with the National Cybersecurity Centre (NCSC) to assess the full impact on government entities.

Actions Taken

Radix has directly notified affected clients and insists that no evidence points to damage beyond the impacted federal offices. However, authorities are urging extreme caution against:

  • Targeted phishing campaigns.
  • Credential theft attempts.
  • Financial fraud schemes using the leaked data.

Supply Chain Security Concerns

This case reignites concerns around digital supply chain security. In 2023, another provider, Xplain, was compromised, exposing sensitive data belonging to the Swiss federal administration. The recurrence of such incidents demonstrates how attackers increasingly exploit third-party providers as entry points into critical infrastructure.

Recommended Measures

  • Continuously monitor digital accounts and associated services.
  • Strengthen access controls using multifactor authentication (MFA).
  • Review third-party vendor security and update contractual requirements.
  • Educate staff and users on recognizing phishing and social engineering attempts.

Conclusion

The Radix ransomware attack highlights the vulnerability of critical service providers and the need for stronger collaborative cybersecurity strategies between governments and the private sector. For citizens and employees potentially exposed, the main recommendation is to remain vigilant against suspicious activity and reinforce the security of all digital accounts.