Radix
Sarcoma ransomware attack on Radix leaks 1.3TB of Swiss government data, exposin...
Introduction
A sophisticated ransomware attack has rocked Switzerland’s federal administration, exposing the nation’s persistent vulnerabilities to supply chain cyber threats. On June 16, 2025, the non-profit health foundation Radix, a trusted contractor for numerous Swiss federal offices, fell victim to the Sarcoma ransomware group. The fallout: 1.3 terabytes of sensitive data—ranging from official documents to private correspondence—now circulating on the dark web, and a government facing urgent questions about third-party risk management.
H2: Anatomy of the Attack
H3: The Sarcoma Group—A Rising Threat
Sarcoma, first detected in late 2024, has rapidly evolved into a formidable cybercrime collective, specializing in double extortion attacks. Unlike traditional ransomware, Sarcoma’s operations blend data encryption with large-scale data theft, leveraging the threat of public leaks to pressure victims. The group’s tactics are highly targeted, relying on spear-phishing, exploitation of unpatched software, and lateral movement through remote access tools and credential theft.
H3: Breaching Radix—Entry, Exfiltration, and Extortion
Radix, based in Zurich, manages health and administrative projects for federal, cantonal, and municipal authorities. On June 16, Sarcoma infiltrated Radix’s systems, exfiltrated a massive trove of data, and encrypted internal files. When Radix refused to pay the ransom, Sarcoma published the stolen data—spanning financial records, contracts, and sensitive communications—on its dark web leak portal on June 29.
H2: The Scale and Impact of the Data Leak
H3: Federal Data in the Crosshairs
Although Radix operates independently and holds no direct access to government IT systems, the breach’s impact is significant. As a contractor serving various federal offices, Radix stored and processed government data, now confirmed by Swiss authorities to have been leaked. The National Cyber Security Centre (NCSC) is leading the analysis to determine which agencies and datasets are affected, but the sheer volume—1.3TB—underscores the magnitude of the exposure.
H3: What Was Exposed?
The leaked archives reportedly include:
Scans of official documents and IDs
Financial statements and contracts
Private correspondence and internal communications
Potentially, personal data of individuals involved in government projects
While Radix has notified affected individuals and maintains that there is no evidence of partner organization data being compromised, the investigation is ongoing and the risk of phishing, fraud, and identity theft remains high.
H2: Supply Chain Attacks—A Recurring Swiss Vulnerability
H3: Not an Isolated Incident
This breach follows a troubling pattern in Switzerland. In 2024, a ransomware attack on Xplain, another government IT contractor, led to the leak of over 65,000 sensitive documents, including classified files and login credentials for federal agencies. These incidents highlight how attackers increasingly target third-party suppliers to circumvent direct government defenses.
H3: Double Extortion and Public Leaks
Sarcoma’s modus operandi—double extortion—mirrors a broader shift in ransomware strategy. By exfiltrating data before encryption, attackers gain leverage: even if victims refuse to pay, the threat of public exposure persists. In Radix’s case, the refusal to pay led directly to the data’s publication, amplifying the breach’s consequences and complicating incident response.
H2: The Swiss Response and Lessons for the Future
H3: Immediate Actions and Ongoing Investigation
The NCSC, in coordination with Radix, law enforcement, and affected federal units, is conducting a comprehensive review to map the full extent of the breach. Authorities have urged vigilance, warning of increased phishing attempts leveraging leaked data. Radix has pledged transparency and is working to inform all potentially impacted individuals.
H3: The Urgent Need for Supply Chain Security
This incident underscores the critical importance of robust third-party risk management in government IT. As cybercriminals increasingly exploit supply chain weaknesses, Swiss authorities—and governments worldwide—face mounting pressure to enforce stricter security standards, conduct regular audits, and ensure rapid incident detection and response across all contractors and partners.
Conclusion
The Sarcoma ransomware attack on Radix is a stark reminder that a government’s cybersecurity posture is only as strong as its weakest supplier. As investigations continue and the scale of the exposure comes into sharper focus, Switzerland’s experience offers a cautionary tale for any nation reliant on third-party contractors to manage sensitive data and critical infrastructure. The challenge ahead: closing the supply chain gap before the next breach strikes.
Relate
