
Cyber Incident Victim: Swisspro Group AG

Date: Apr 2024

Location: Switzerland

Summary

A ransomware attack targeted the legacy IT infrastructure of a BKW subsidiary, though current operational systems across the organization and its affiliated companies remained unaffected, allowing continued customer service delivery. A taskforce was established to contain the incident, promptly informing authorities, isolating compromised systems, and enforcing password changes. Monitoring confirmed no signs of subsequent attacks on customer systems or other entities within the corporate group, while analysis regarding potential data exfiltration remains ongoing.


Description

In early April 2024, Swisspro—a subsidiary of Swiss energy company BKW—experienced a ransomware attack targeting its legacy IT infrastructure. The incident was confirmed by BKW’s media office, which clarified that the attack specifically affected Swisspro’s outdated systems but did not compromise the operational IT environments of Swisspro, BKW Building Solutions, or other entities within the BKW group. Swisspro maintained its ability to deliver customer services throughout the incident. Authorities were notified immediately, and a dedicated taskforce was established to investigate the attack’s scope, contain potential impacts, and implement countermeasures. The taskforce isolated the compromised systems and enforced password changes as initial containment steps. BKW emphasized that its broader infrastructure operated normally, with continuous monitoring for anomalies, and stated there was no evidence of follow-on attacks targeting customer systems or other BKW subsidiaries, including UMB and affiliated companies merged under BKW Building Solutions in 2022.

The attack occurred against a backdrop of organizational consolidation, as Swisspro Solutions, Alphatrust, and Ngworx had been integrated into UMB under BKW’s ownership two years prior. Forensic analysis to determine whether data exfiltration occurred remained ongoing at the time of reporting. BKW’s public statements focused on minimizing operational disruption, reiterating that the ransomware’s impact was confined to Swisspro’s legacy architecture and did not propagate to active networks. No ransomware group or specific attack vector was identified in the available disclosures. The company did not disclose whether ransom demands were issued or if data restoration efforts were underway. All response actions were coordinated through the taskforce, with no further technical details or timelines for resolution provided.
