Switzerland said Thursday that government operational data might have been stolen in a cyberattack on the technology firm that provides software for several departments.
“Xplain, a Swiss provider of government software, has been the victim of a ransomware attack. After the stolen data had been encrypted and the company blackmailed, the attackers posted some of the stolen data on the darknet,” the government said in a statement.
“Contrary to the initial findings and following recent in-depth clarifications… it appears that operational data of the federal administration could also be affected.
“In-depth analyses are still ongoing.”
The Swiss army and the customs department are among the clients of Xplain, which supplies software to authorities specialising in homeland security.
The government said it did not believe that the Xplain systems have direct access to the federal administration systems.
Xplain accused a ransomware group called Play of being behind the attack.
“We have not made any contact with the Play group and we will not pay a ransom,” Xplain’s director Andreas Loewinger told AFP on Saturday.
Xplain has notified Switzerland’s National Cybersecurity Centre and the Bern police.
As in other countries, cyberattacks targeting companies, governments and even universities are on the increase in Switzerland.
Recently, two media outlets, CH Media and NZZ, were targeted by Play.
Related: Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
Related: SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
Related: Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
