Cyber Incident Victim: TOP-Medien
Date: May 2024
Location: Switzerland
Summary
A Trojan attack disrupted the media company's online, radio, and television services, causing irregularities and forcing partial program repeats. The malware encrypted multiple servers, prompting collaboration between internal IT and external experts to assess damage and restore operations, though full recovery from backups is expected to take several days. The attackers issued a ransom demand, which management explicitly refused to engage with. Despite the incident, near-normal programming was maintained through team efforts while technicians worked to verify initial recovery progress and prepare data restoration. This follows prior cyberattacks targeting other regional media organizations.
Description
The incident affecting TOP-Medien began at midday on Tuesday, with irregularities and disruptions observed across the organization’s online, radio, and television platforms. Radio Top and Tele Top experienced operational failures, preventing scheduled programming from airing normally and forcing segments to be repeated. Initial investigations revealed that a Trojan had infiltrated systems and spread rapidly, encrypting multiple servers. The technical department, assisted by external cybersecurity experts, worked to locate the intrusion and assess its scope. Management confirmed the attack included a ransom demand, though they publicly stated no intention to engage with the perpetrators via the provided email address. Despite the severity of the breach, near-normal programming resumed on Tuesday and Wednesday, attributed to staff efforts to mitigate disruptions manually. Philippe Pfiffner, CEO of TOP-Medien, acknowledged the team’s adaptability during the crisis while emphasizing ongoing efforts to isolate the compromise.

Technical recovery operations focused on two parallel tracks: having external specialists verify an initial containment success, and preparing data restoration from backups. Pfiffner noted that restoring programs and data would require several days due to the encryption’s impact. The attack disrupted internal workflows and content delivery but did not fully halt broadcasts, as contingency measures allowed partial continuity. Historical context was provided, linking the incident to a March 2023 cyberattack against NZZ and CH Media, which had caused extensive operational damage. No specifics about the Trojan’s delivery mechanism, data exfiltration, or ransom amount were disclosed. The company maintained public updates via its website but withheld detailed technical disclosures to avoid compromising remediation efforts.
