We are part of the Helvetia Baloise Group.

We are part of the Helvetia Baloise Group.

?
The “Search” function is not available at the moment, please try again later.
Please get in contact with us. To contact form
Report a claim
About us
Working for Helvetia
EN
DE
FR
IT

  • Cyberattack: when suddenly nothing works any more

    27.08.2025 | Sonja Engl
    An SME was hit by a ransomware attack. The malware brought the company to a standstill, and attackers demanded a ransom. Team Helvetia’s cooperation network meant it was possible to react quickly and minimise damage.
cyber-attack

Cyberattack: when suddenly nothing works any more

27.08.2025 | Sonja Engl
cyber-attack
An SME was hit by a ransomware attack. The malware brought the company to a standstill, and attackers demanded a ransom. Team Helvetia’s cooperation network meant it was possible to react quickly and minimise damage.

A fateful morning

A Monday morning in August – the start of a normal working week. But when employees tried to log into the operating system, it quickly became clear that nothing was working any more. No access to appointments, orders or customer or phone data – all digital processes were blocked. The trades business* had been hit by a cyberattack. Unknown persons had installed malware that encrypted all the data and completely paralysed the digital process in order to extort the business. The attackers demanded a ransom of $300,000 to release the system.

Rapid assistance from Helvetia cooperation partners

After discovering the ransomware attack, the small business turned to its IT service provider, which knew that the trades business had cyber insurance with Helvetia and immediately contacted the insurance company. Helvetia operates a 24/7 cyber hotline for incidents like this and has a network of experts that can provide rapid assistance. Helvetia recommended that the IT service provider should contact Helvetia’s cyber cooperation partner Compass Security AG, which specialises in security assessments and incident response. On the same day, Compass took over the negotiations with the cybercriminals and helped the business overcome the crisis.

Timeline of the attack: complete takeover of the system in four hours

Compass Security quickly analysed the course of events in the attack. Early on Sunday morning at 6.24 am, the attackers logged in to the local VPN for the first time. By 7.33 am, they had already created a second user account with full administrator rights. This unrestricted access and the peace and quiet of the Sunday morning allowed them to block access to the central applications and data and initiate the encryption of the servers. The final step took place at 10.24 am, when the attackers came forward with a ransom demand.

Cyber insurance as a component of the risk strategy 

Being there when it counts pays off: the business was able to use its IT systems again just five days after the cyberattack. And it got them back without having to pay a ransom, but instead thanks to fast and professional support and data recovery by specialist IT experts. And due to the fact that the business regularly performs data backups that are protected against ransomware. These could be accessed despite the encryption of the system, and data loss was limited to five working days. Thanks to its cyber insurance, Helvetia was able to reimburse the trades business for the majority of its financial expenses – such as for data recovery, system cleaning, support from external IT experts and damage analysis.

This incident underscores the importance of a robust cybersecurity strategy. The combination of preventive measures and cyber insurance helps you protect your company against attacks and quickly get up and running again in an emergency.

cyrill-brunschwiler
“Ransomware attacks usually strike SMEs unexpectedly and at the worst possible time. The shock is huge, the pressure enormous. We’re there for moments like these around the clock. Our crisis-tested team brings calm to the chaos and provides support with technical expertise and a clear structure. We know how attackers work from numerous incidents, provide pragmatic clarification and negotiate with tactical sensitivity. Our top priority is to get companies up and running again quickly. The satisfaction and relief when a business is able to start operating again is a huge motivation for us.”
Cyrill Brunschwiler, Managing Director, Business Lead Security Monitoring & Emergency Support, Compass Security Schweiz AG

Prevention measures: How to protect your company from cyber risks.

Data loss can threaten a company’s very existence. Alongside cyber insurance, take precautions with preventive measures.

Backup strategy

Protect your company against ransomware with a sophisticated backup strategy. Keeping a structured and complete backup of data can prevent major data losses and business interruptions.

Backup strategy for SMEs
IT emergency management

An IT emergency plan will help your business respond quickly and professionally in the event of a cyber incident. It helps employees to act correctly in the event of an incident. This results in significantly fewer mistakes being made.

IT emergency plan for SMEs
*Name known to the editorial team
cyber-overview-og.jpg
Cyber insurance
Helvetia cyber insurance is there to help if damage occurs despite IT security measures.
Go to cyber insurance
Go to cyber insurance

You might also be interested in

Woman in a medical practice
SME
20.08.2025

How to insure your practice

Find out more
cyber-backup
SME
25.04.2025

Backup strategy for your SME

Find out more
optimierung-og
SME
26.02.2025

New specialists thanks to attractive pension fund

Find out more
jungunternehmen
SME
24.02.2025

How to insure a new company?

Find out more
maschienenbrand-og
SME
29.01.2025

Machine on fire

Find out more
vorsorgethemen-kmu-og
SME
05.12.2024

What's changing in pensions in 2025

Find out more