Swisswindows AG goes bankrupt after Ryuk attack

[German]In May 2019, the Swiss window manufacturer Swisswindows AG was the victim of a ransomware attack using the encryption trojan Ryuk. Now the company has filed for bankruptcy on Feb, 26, 2020 and dismissed all 170 employees.


Swiss blog reader Adrian W. informed me about this development by mail (thanks for that). Despite the name, Swisswindows AG has nothing to do with Microsoft Windows, but it is a small company for window construction, which was based in Switzerland.

Swisswindows AG

It was an owner-managed company, which presents itself on its website as an experienced Swiss developer and manufacturer of high-quality window and door systems for renovation and new construction. The company was founded in 1912 and its headquarters are in Mörschwil, St. Gallen. However, there are several production sites.

The site reports here, that bankruptcy proceedings were opened against Swisswindows AG on Wednesday (26 February 2020). The company employs around 170 people throughout Switzerland. I gather from the reports that wages are probably also outstanding. The Tagblatt has recently mentioned financial problems.

Deathblow by hacker attack with Ryuk

The swiss tabloid Blick reported, that the order list was pretty filles. But in May 2019 there was a cyber attack on the company's IT. Employees of the company confirmed to Blick that it was the Ryuk ransomware. This had crippled the IT of the window manufacturer. 


The Trojan gained access to the company server and encrypted the accessible files there. An insider is told Blick "Our window construction program was completely encrypted. All orders and all customer and machine data at all three of our locations were simply gone".  As everything is interconnected via networked even in such small companies, suddenly not a single machine was running in production.

Although there were daily backups, which an external IT company performed on a daily basis. But even these backups were rendered unusable by the attack. The public prosecutor's office of the canton of St. Gallen confirms the BLICK on request corresponding investigations, but does not want to give any details.

"The result was a production downtime of more than a month, accompanied by massive consequential costs," says CEO Neša Meta in a letter to the staff. He is quoted as saying that Swisswindows was also confronted with Bitcoin demands: "We did not allow ourselves to be blackmailed. Since the infrastructure had to be replaced anyway after the cyber attack for security reasons, this was not an option".

As a result of the cyber attack, deadlines could not be met and penalties for failure to deliver became due. According to this article, the business processes, from order planning to invoices to deadlines, had to be selected and processed in paper form.

According to the managing director, the company actually believed that it had been properly set up with regard to Internet security. "A cyber attack like this can ruin a company. And we in Switzerland have no awareness of this at all", the company boss had to state soberly. Since the cyber attack did not succeed in finding an investor who could have guaranteed the necessary liquidity for the company, bankruptcy has now been applied for.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *