Swiss Cyber Case Studies

Real incidents in Switzerland focusing on attack patterns, damage and concrete lessons for your protection strategy.

Ransomware (Lynx)

TRISA Lynx Ransomware

In February 2026, TRISA AG, a Swiss world market leader in oral hygiene products, fell victim to the Lynx ransomware group. 1 TB of data was exfiltrated.

Damage: Several million CHF (estimated)

Ransomware (Qilin)

Habib Bank Qilin Ransomware

In November 2025, Habib Bank AG Zurich fell victim to the Qilin ransomware group. 2.5 TB of highly sensitive banking data was exfiltrated — including account data, passport numbers and source code.

Damage: Several tens of millions of CHF (estimated)

Ransomware (Sarcoma)

Radix Sarcoma Ransomware

In June 2025, the Radix Foundation fell victim to the Sarcoma ransomware group. Sensitive federal data ended up on the darknet — a supply chain attack with far-reaching consequences.

Damage: Several hundred thousand CHF (estimated)

Ransomware via VPN

Pharma Production Shutdown via VPN Compromise

In early 2025, a Swiss pharmaceutical company was infected with ransomware through compromised VPN access. 17 days of production downtime caused CHF 8.5m in damages.

Damage: CHF 8.5m (estimated)

Ransomware (Play)

Xplain Ransomware Attack

The ransomware attack on Xplain affected over 900 GB of Swiss government data. Analysis of the incident and why cyber insurance would have helped.

Damage: Several million CHF

DDoS (Distributed Denial of Service)

Swisscom DDoS Attack (Twint Outage)

In February 2024, Swisscom was targeted by a massive DDoS attack that also paralysed the Twint payment service. The case demonstrates the vulnerability of even major Swiss corporations.

Damage: CHF 5–20m (estimated, incl. cascade effects)

Ransomware (Akira)

Akira Ransomware SME Wave Switzerland

The Akira ransomware group has been systematically attacking Swiss SMEs since 2024: 4–5 new victims per week, millions of CHF in total damage. A collective case study.

Damage: Several million CHF total damage

Ransomware (Akira)

Hoerbiger Akira Ransomware

In early 2024, the Swiss industrial group Hoerbiger fell victim to Akira ransomware. Over 50 GB of confidential data was published on the darknet.

Damage: CHF 15–40m (estimated)

Ransomware (Phobos)

Concevis Ransomware (Phobos)

In November 2023, the Swiss government software provider Concevis fell victim to a ransomware attack. Sensitive federal and cantonal data ended up on the darknet.

Damage: CHF 10–30m (estimated, incl. consequential costs for the federation)

Ransomware (Black Basta)

ABB Black Basta Ransomware

In May 2023, ABB fell victim to the Black Basta ransomware group. The attack paralysed production systems and caused damages in the hundreds of millions.

Damage: Several hundred million USD (estimated)

Targeted Attack

Cyber Attack University of Zurich

In February 2023, the University of Zurich was targeted by a sophisticated cyber attack. The incident paralysed IT systems and endangered research and student data.

Damage: CHF 3–10m (estimated)

A service of BTAG Versicherungsbroker AG, Bern — independent advice since 1990.

BTAG Versicherungsbroker AG, member of SIBA, FINMA register no. 12229