Swiss Government Data Exposed in Radix Ransomware Attack
A major ransomware attack targeting a Swiss third-party provider has led to the exposure of sensitive federal data. The nonprofit organization Radix, a Zurich-based health promotion group, was compromised by affiliates of the Sarcoma ransomware group. The incident raises serious concerns about third-party cybersecurity risks and government data protection.
What Happened to Radix and Swiss Government Data
The Swiss government confirmed that Radix, which serves multiple federal offices, suffered a ransomware attack resulting in both data theft and encryption. Attackers exfiltrated data and later leaked it on the dark web after failed extortion attempts.
Radix reported that the breach occurred on June 16. Just two weeks later, on June 29, the Sarcoma group published the stolen information on its leak portal. The data set appears to be massive, totaling 1.3TB and including document scans, financial records, contracts, and internal communications. The hackers made this sensitive material available for free.
Who Is Sarcoma and How Did the Attack Unfold?
Sarcoma is a fast-growing ransomware group first observed in October 2024. It rapidly gained notoriety with 36 publicly claimed victims in its first month. Sarcoma typically breaches networks using phishing, outdated software vulnerabilities, and compromised supply chains. Once inside, attackers exploit RDP access to move laterally and collect data before encrypting systems.
This playbook appears to have been followed in the Radix case. Although Radix promptly issued notifications to affected individuals, the publication of a 1.3TB archive online poses an ongoing risk. It’s currently unclear how much of the Swiss government’s sensitive data was included, but authorities are investigating in cooperation with the National Cyber Security Centre (NCSC).
Is This a Recurring Problem for the Swiss Government?
Unfortunately, yes. This is not the first major data exposure caused by a third-party service in Switzerland. In March 2024, the government acknowledged that Play ransomware had breached another provider, Xplain, in May 2023. That attack led to the leak of 65,000 documents from the Federal Administration, many of which included personal data.
Both incidents point to a systemic vulnerability in outsourcing public service infrastructure to third-party providers that lack strong cybersecurity postures. Despite not being direct government entities, these partners process and store vast amounts of critical information.
How Organizations Can Reduce Exposure to Supply Chain Attacks
This incident underscores the urgency for public institutions and private companies alike to harden their third-party risk management. Attackers increasingly target supply chains to access more valuable upstream systems.
To reduce such risks:
- Conduct continuous security assessments of vendors
- Require multi-factor authentication and strong password policies
- Monitor for signs of lateral movement and data exfiltration
- Encrypt sensitive data at rest and in transit
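One way to act on the "monitor for signs of lateral movement" item, given that Sarcoma is described above as using RDP access to move laterally: the following is an added example, not code from the original article or from any vendor, that flags a source host opening RDP sessions to several distinct machines within a short window. The CSV layout, host names, dates, window and threshold are assumptions made for illustration; Windows Security event 4624 with LogonType 10 is a successful RemoteInteractive (RDP) logon.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export: time, event_id, logon_type, source_host, target_host
SAMPLE_LOG = """\
2025-01-10T08:01:00,4624,10,ADMIN-PC,FILE01
2025-01-10T09:30:00,4624,3,WS-022,FILE01
2025-01-10T22:10:00,4624,10,WS-017,FILE01
2025-01-10T22:14:00,4624,10,WS-017,DB01
2025-01-10T22:19:00,4624,10,WS-017,HR-APP
2025-01-10T22:25:00,4624,10,WS-017,BACKUP01
2025-01-11T08:02:00,4624,10,ADMIN-PC,DB01
"""

def rdp_fanout(log_text, window=timedelta(minutes=30), threshold=3):
    """Return {source: sorted targets} for sources that opened RDP sessions
    to >= threshold distinct hosts inside one sliding time window."""
    by_source = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event_id, logon_type, src, dst = row
        # 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP)
        if event_id == "4624" and logon_type == "10":
            by_source[src].append((datetime.fromisoformat(ts), dst))

    flagged = {}
    for src, logons in by_source.items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # Advance the left edge until the span fits inside `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            targets = {dst for _, dst in logons[start:end + 1]}
            if len(targets) >= threshold:
                flagged.setdefault(src, set()).update(targets)
    return {src: sorted(t) for src, t in flagged.items()}

if __name__ == "__main__":
    for src, targets in rdp_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src} opened RDP sessions to: {', '.join(targets)}")
```

Known jump hosts and administrator workstations will trip the same rule, so the threshold is best tuned against a baseline of normal administrative activity before alerting on it.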
Radix has recommended that affected individuals stay vigilant for identity theft attempts, phishing, and credential theft in the coming months. Unfortunately, once data is released on the dark web, it can be recycled across multiple criminal forums for years.
Cybersecurity Is Not Optional for Third Parties
As more government services rely on external providers, ensuring their cybersecurity readiness is not just a contractual requirement — it’s a national security imperative. This case is a wake-up call for all organizations managing sensitive data through third parties.
If your company handles public sector data or sensitive personal information, it’s time to assess your cyber resilience. ZENDATA offers advanced cybersecurity services including third-party risk assessments, ransomware readiness audits, and incident response planning.
Read the full article from Bleepingcomputer here.