Cyber Incident Victim: Finaport
Date:
Jan 2023
Location:
Switzerland
Summary
Finaport experienced a ransomware attack by the ALPHV group (also known as Black Cat) that resulted in stolen data, including employee Outlook mailboxes, being leaked on the darknet. The company immediately isolated its central IT systems, rebuilt them from scratch, and restored operations within about a week. Customer databases in Switzerland and Liechtenstein were unaffected, and backups existed for the compromised data; the Singapore branch was also impacted. The firm reported the incident to the Swiss financial regulator within 24 hours and did not pay the ransom, after which the attackers published the stolen data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Finaport, a Swiss wealth management firm with offices in Switzerland, Singapore, and Liechtenstein, experienced a significant ransomware attack on its central IT systems around January 2023. The ALPHV ransomware group, also known as Black Cat, claimed responsibility for the breach and published stolen data on its darknet leak site on the Sunday preceding the article's 1 January publication date. The compromised data included Outlook mailboxes belonging to current and former employees. The attack left Finaport's website (finaport.com) inaccessible for several days and affected operations at the Singapore subsidiary. ALPHV operates under a Ransomware-as-a-Service (RaaS) model, providing infrastructure to third-party affiliates, and is considered one of the most aggressive cybercriminal groups.

Upon detecting the intrusion, Finaport's IT specialists immediately disconnected all systems from the network and shut them down within 24 hours. CEO Fabian Jenny confirmed that all computer systems were subsequently rebuilt from scratch in a secure environment and returned to operation roughly one week before the article's publication. The company notified the Swiss Financial Market Supervisory Authority (FINMA) within the mandatory 24-hour reporting window required by Swiss regulations. Finaport stated that its core customer databases in Switzerland and Liechtenstein remained uncompromised and that backups of the affected data existed and were not accessed by the attackers. The darknet leak indicated that Finaport had refused the ransom demand; the article suggested the attackers likely operated from Russia. FINMA declined to comment on the specific incident but emphasized that cyberattacks are a top-tier risk for Switzerland's financial sector, noting the increasing frequency and sophistication of such incidents and underscoring the importance of the mandatory reporting requirements.
