Ransomware (Lynx)

TRISA Lynx Ransomware

In February 2026, TRISA AG, a Swiss world market leader in oral hygiene products, fell victim to the Lynx ransomware group. 1 TB of data was exfiltrated.

What happened?

In early February 2026, TRISA AG, headquartered in Triengen (Canton Lucerne), fell victim to a targeted ransomware attack by the hacker group Lynx. The attackers penetrated the company’s IT infrastructure, encrypted critical systems and exfiltrated approximately 1 terabyte of corporate data.

Lynx is a comparatively young but extremely active ransomware group that has been targeting industrial companies since 2024, employing a double extortion strategy: besides encrypting systems, the attackers threaten to publish stolen data on their darknet leak site.

Initial access was presumably gained through a vulnerability in an exposed service or compromised credentials. The attackers then moved laterally through the network, escalated privileges and systematically prepared the exfiltration and encryption — suggesting a multi-week presence in the network.

Who was affected?

TRISA AG is a traditional Swiss family-owned company with over 135 years of history, approximately 1,100 employees and annual revenues of about CHF 215 million.

  • Production systems: Manufacturing at the Triengen headquarters was temporarily impaired
  • Employees: Personal data of approximately 1,100 staff was potentially among the exfiltrated data
  • Business partners and customers: Confidential business information, price lists and contract details may have been compromised
  • Research and development: High-value patents, product developments and manufacturing processes

How large was the damage?

| Damage category | Estimated cost |
|---|---|
| Production downtime and business interruption | CHF 2–5m |
| Incident response and forensics | CHF 500,000–1m |
| System restoration and IT rebuild | CHF 1–3m |
| Legal advice and data protection | CHF 200,000–500,000 |
| Crisis communication and PR | CHF 100,000–300,000 |
| Estimated total damage | CHF 5–13m |

A cyber insurance policy with CHF 5–10m coverage would have covered 50–70% of direct damages.

Lessons for Swiss SMEs

  1. Manufacturing companies are high-value targets due to OT/IT convergence.
  2. 1 TB of exfiltration often goes undetected: monitoring solutions are essential.
  3. Double extortion is the new standard.
  4. Protect intellectual property in separate network segments.
  5. Cyber insurance serves as a financial safety net.
  6. Comply with the reporting obligation to the BACS within 24 hours.

A service of BTAG Versicherungsbroker AG, Bern — independent advice since 1990.

BTAG Versicherungsbroker AG, member of SIBA, FINMA register no. 12229