Cyber Incident Victim: TOP-Medien
Date:
Feb 2025
Location:
Switzerland
Summary
A media organization experienced repeated cyberattacks involving encryption ransomware, disrupting live broadcasts, production capabilities, and online services across its radio, television, and digital platforms. The incidents also compromised email servers and led to extortion demands. Following the attacks, the organization collaborated with cybersecurity experts to investigate the breaches and restore operations, though recovery efforts extended over multiple days for affected systems and data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 21, 2024, TOP-Medien, the parent company of Radio Top and Tele Top, experienced a disruptive cyberattack involving an encryption trojan. The attack began during the afternoon, causing irregularities and outages across the company’s online, radio, and television services. Technical teams identified the malware’s impact on mail servers, disrupting internal communications. Production capabilities were immediately compromised, preventing the broadcast of scheduled programming. Radio Top’s program director, Gjusi Brändli, publicly confirmed the severity of the incident, stating the attackers had launched a massive ransomware operation demanding payment. The technical department collaborated with external cybersecurity experts to isolate infected systems and assess the attack’s scope. Recovery efforts required multiple days to restore encrypted data and applications, though the article did not specify an exact resolution timeline. The incident forced TOP-Medien to issue public advisories via its "toponline.ch" platform, acknowledging service limitations. No customer data breach was mentioned, but operational continuity was significantly impaired.
TOP-Medien suffered a second encryption trojan attack on February 1, 2025, at approximately 22:00, again targeting Radio Top and Tele Top. The malware disrupted all production and live broadcasting capabilities, halting scheduled programming for both radio and television. The attack affected "toponline.ch" web content, the "Top now" app’s video-on-demand services, and internet radio streams. Mail servers were also compromised, hindering internal and external communications. TOP-Medien’s update on February 3, 2025, confirmed ongoing engagement with cybersecurity specialists to investigate the incident. No ransomware demands or data exfiltration claims were disclosed in the available report. The recurrence highlighted persistent vulnerabilities, as the company had not fully mitigated risks from the 2024 attack. Service restoration timelines remained unspecified, though the immediate operational paralysis mirrored the earlier incident’s severity. TOP-Medien’s public communications emphasized transparency regarding service disruptions but omitted technical details about the attackers’ methods or infrastructure.