Ran­somware in Switzerland

The Nationale Zen­trum für Cyber­sicher­heit (NCSC) men­tions ran­somware reports in their half-yearly 2022/II 76 report. About one third con­cerns pri­vate indi­vid­uals, two thirds com­pa­nies. As far as attacks on com­pa­nies are con­cerned, the most active ran­somware there is “Lockbit”; for pri­vate indi­vid­uals it is mainly “Dead­bolt”.

A ran­somware attack involves the encryp­tion of data and a ransom demand, fre­quently demanded in a cryp­tocur­rency. Many com­pa­nies have recog­nised this threat and have recently adapted their back-up strate­gies. Simply encrypting data is there­fore no longer lucra­tive enough for most attackers; some­thing which moti­vates them to carry out so-called double and triple extor­tions. In addi­tion to encrypting data, they will also then threaten to pub­lish them. With cases of triple extor­tion, cus­tomers and sup­pliers are also black­mailed, threat­ening them with the encrypted data and their publication.

An NCSC report dated 22nd May warns that ran­somware gangs are still very active in Switzer­land. Sev­eral com­pa­nies went public last week, con­firming that crim­i­nals car­ried out suc­cessful ran­somware attacks on them and that data were encrypted. It is there­fore of par­tic­ular impor­tance to always keep sys­tems up-to-date and ade­quately pro­tect access to them.

Fur­ther infor­ma­tion on ran­somware can be found here.

You can read the com­plete NCSC report on ran­somware gangs in Switzer­land here.