Menu
Browse

Cyber Threat Actor: Swiss Cloud Ransomware

Actor Type Location Known Incidents
 Icon
Criminal
Switzerland
1 incident
Profile

Swiss Cloud Ransomware is the alias used for a threat actor that has been linked to a ransomware operation originating from Switzerland. The actor is known primarily for deploying ransomware against a Swiss‑based cloud service provider, and no other aliases or geographic bases have been publicly attributed to this group. The incident that brought the actor to attention occurred in April 2021, when the group executed a ransomware attack against Swiss Cloud Computing AG, a company that provides cloud infrastructure to thousands of customers.

The actor’s observed targeting focuses on the cloud computing sector within Switzerland, as evidenced by the compromise of Swiss Cloud Computing AG, which disrupted services for approximately 6,500 of its customers. The strategic objective demonstrated in this case is financial extortion through ransomware, as the attack encrypted data and demanded payment for restoration, prompting the victim to engage external specialists from HPE and Microsoft to recover operations. No evidence has been presented to suggest espionage, political disruption, or other motives beyond the ransom demand.

Regarding tactics, techniques, and procedures, the only confirmed element is the use of ransomware malware; the specific ransomware family, initial access vectors, post‑exploitation tooling, or lateral movement methods have not been disclosed in publicly available sources. Consequently, details about phishing, vulnerability exploitation, credential theft, or particular tool suites remain unknown for this actor. The actor’s operational style appears to involve a single, high‑impact ransomware deployment rather than a prolonged intrusion campaign.

Attribution to any state sponsor, criminal consortium, or affiliated group has not been established in open‑source reporting, and the actor’s ties to broader threat landscapes remain unverified. The Swiss Cloud Computing AG incident stands as the sole publicly reported operation associated with this alias, serving as the primary reference point for understanding the actor’s behavior and impact. No additional campaigns or historical activities have been documented in the available material.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources