Malware
Explosive Ransomware Attack: 65,000 Government Documents Compromised and Leaked
Switzerland Play ransomware has leaked 65,000 government documents from the Swiss Public Ministry, exposing sensitive information. The attack highlights the need for robust cybersecurity measures to protect against increasingly sophisticated ransomware threats. Protect your organization with advanced security solutions and stay ahead of cybercriminals.
Imagine waking up one morning to find that thousands of sensitive government files have been stolen and leaked online by cybercriminals. That’s exactly what happened in Switzerland recently, when the National Cyber Security Centre (NCSC) released a report detailing the impact of a ransomware attack on Xplain, a Swiss technology and software solutions provider.
What happened to Xplain?
Xplain works with various government departments, administrative units, and even the country’s military force. Unfortunately, on May 23, 2023, the Play ransomware gang breached the company. The attackers claimed to have stolen documents containing confidential information, and in early June 2023, they published the stolen data on their darknet portal.
The Swiss government began investigating the leaked files, admitting that they might contain documents belonging to the Federal Administration of Switzerland. Their new statement confirms that 65,000 government documents were leaked in the breach:
- 5% (65,000 documents) of the approximately 1.3 million files published by the Play ransomware gang are relevant to the Federal Administration.
- 95% of those files impact the administrative units of the Federal Department of Justice and Police (FDJP): the Federal Office of Justice, the Federal Office of Police, the State Secretariat for Migration, and the internal IT service center ISC-FDJP.
- The Federal Department of Defence, Civil Protection and Sport (DDPS) were minorly affected, accounting for just over 3% of the data.
- About 5,000 documents contained sensitive information, including personal data (names, email addresses, telephone numbers, and addresses), technical details, classified information, and account passwords.
- A few hundred files contained IT system documentation, software or architectural data, and passwords.
Why is the investigation taking so long?
The Swiss government launched an administrative investigation on August 23, 2023, which is set to be completed by the end of this month. The full results and cybersecurity recommendations will then be shared with the Federal Council. So, why has the investigation taken so long?
There are several reasons. First, analyzing unstructured data and the large volume of leaked data requires significant time and resources to triage documents relevant to the Federal Administration. Second, legally examining the leaked data for evidence is complicated, as confidential information requires inter-agency coordination and participation, inevitably prolonging the process.
Don’t let this happen to you
It’s a scary thought that even government entities can fall victim to cyberattacks. This incident serves as a stark reminder of the importance of cybersecurity in today’s digital age. If you want to ensure your organization’s safety, you need to be proactive in protecting your sensitive data and IT systems.
At IT Services, we’re here to help you navigate the ever-evolving world of cybersecurity. We’ll work with you to develop a comprehensive plan to safeguard your valuable information from cyberthreats. Don’t wait until it’s too late. Contact us today and ensure your organization’s safety. And remember, keep coming back to learn more about cybersecurity and how to stay protected.