blackbyte attacks Swiss American

Incident Date:

October 1, 2022

World map



blackbyte attacks Swiss American


Swiss American




Louis, USA

Missouri, USA

First Reported

October 1, 2022

Swiss American Ransomware Attack

Swiss American, a retailer specializing in cheese and specialty foods, has recently fallen victim to a ransomware attack orchestrated by the group known as Blackbyte. This incident was disclosed on the group's dark web leak site. Swiss American is recognized for its innovative cross-docking programs, offering a diverse assortment of cheeses and specialty foods tailored to the preferences of individual neighborhoods.

The company's official website provides detailed insights into its operational capabilities. Notably, Swiss American boasts a 40,000 square foot SQF Level 3 certified food facility located in St. Louis, Missouri. The company has consistently surpassed food safety standards, achieving SQF 2000 Level 3 certification for six consecutive years. Additionally, it maintains a portfolio of over 100 exclusive, control, customized, and private label brands for its clientele.

While specific vulnerabilities that led to Swiss American being targeted by cybercriminals are not detailed, the company's significant size and strategic position within the industry imply potential motives. These could include the prospect of substantial ransom payments or the desire to disrupt a key supplier within the retail ecosystem.

This attack on Swiss American underscores a wider pattern of cyber threats faced by entities in Switzerland. In 2023 alone, both the Swiss government and Federal Railways experienced cyberattacks, with confirmed data theft incidents. Moreover, the Swiss government issued warnings regarding the potential access of operational data by ransomware groups following an attack on a local IT firm.

The incident involving Swiss American serves as a stark reminder of the persistent risk of ransomware attacks targeting the business sector, especially retail. Despite ongoing enhancements in cybersecurity defenses, threat actors continue to identify and exploit vulnerabilities for financial gain.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.