Federal Administration also impacted by Concevis hack

Bern, 14.11.2023 - The software company Concevis has fallen victim to a ransomware attack, causing all of its servers to be encrypted. As far as is currently known, the stolen data is believed to include older operational data from the Federal Administration. In-depth analyses are still ongoing.

Concevis, a Swiss provider of software solutions for public administrations (federal government, cantons, cities and towns), the financial sector and companies in industry and logistics, has suffered a ransomware attack. The attackers stole data and then encrypted all of the company's servers. As Concevis has not paid the ransom demanded, the attackers have threatened to publish the data on the darknet.

Concevis has informed its clients about the cyberincident. Furthermore, the software company has filed a criminal complaint with the Basel Stadt public prosecutor's office and engaged an external security service provider to deal with the incident.

Concevis' clients also include various administrative units of the Federal Administration. Based on the information currently available, the Federal Office for Civil Protection, the Federal Office for Spatial Development, the Federal Office of Civil Aviation, the Federal Statistical Office, the Federal Tax Administration and the Training and Education Command are on Concevis' client list. Clarifications are currently under way to determine the specific units and data concerned. The applications developed by Concevis are operated by Federal Administration service providers. It is unlikely at present that federal systems have been compromised. The analyses conducted to date have not revealed any indications of this.

The NCSC is coordinating further clarifications and measures within the Federal Administration. It is liaising with Concevis, as well as with the prosecution authorities and the affected administrative units of the Federal Administration, and will inform the public of further findings in due course.

The course of ransomware attacks in most cases:

After the attackers gain unauthorised access to a company's systems, the data is first stolen, then encrypted and the company is blackmailed. If the company in question does not pay, they threaten to publish the stolen data and if the ransom is not paid, the data is published.

Address for enquiries

NCSC Communications
Tel. 058 465 53 56


Federal Department of Finance