Ransomware | Resolved

Comparis ransomware attack

Swiss price-comparison portal Comparis was knocked offline by ransomware and faced a roughly $400,000 demand; investigators later found attackers had accessed some internal customer data.

Victim: Comparis

In July 2021, Comparis (one of Switzerland's most-visited consumer websites, an insurance and price-comparison portal drawing some 80 million visits a year) was knocked offline by a ransomware attack. The attackers demanded roughly US$400,000 (CHF 370,000), and a follow-up police investigation found they had accessed some of the company's internal customer data.

What happened

The attack began around 7 July 2021 and by the following day had taken the Comparis website fully offline. The attackers encrypted systems and demanded a ransom of approximately CHF 370,000 in cryptocurrency. Comparis declined to pay and restored its website within about 48 hours, by 9 July.

The intrusion was attributed to "Grief," a ransomware operation widely linked to the Nefilim family and the Russia-based Evil Corp cybercrime group. A week after the attack, Zurich cantonal police reported that detailed forensic analysis had shown the perpetrators accessed certain internal customer data, turning what was initially a service-disruption event into a confirmed data breach.

Impact

  • The Comparis website was offline for roughly two days, interrupting one of Switzerland's busiest consumer platforms.
  • Attackers demanded approximately US$400,000 / CHF 370,000; no ransom was paid.
  • Police confirmed the attackers had accessed internal customer data, though Comparis maintained that the exposure was limited.

Response

Comparis worked with the Zurich cantonal police and external security specialists to investigate and restore operations. The company emphasised it had refused the ransom demand and rebuilt affected systems from clean backups. Swiss authorities used the incident to renew warnings to domestic businesses about the rising tempo of ransomware and extortion campaigns targeting Swiss firms in 2021.

Why it matters

The Comparis attack was an early, high-visibility example of ransomware hitting a mainstream Swiss consumer brand, demonstrating that even well-resourced private companies serving millions of users were squarely in the crosshairs of extortion gangs. Its attribution to the Grief/Nefilim operation (part of the Evil Corp ecosystem subject to U.S. sanctions) also highlighted the legal peril of paying ransoms to sanctioned actors, reinforcing the "do not pay" posture that Comparis and later Swiss victims such as Xplain and Swissport would adopt.

Financial impact

Reported costs in USD

  • Ransom demanded: $400.0K
  • Ransom paid: Refused

    Timeline

    1. Ransomware hits Comparis, beginning to take down the comparison portal.

    2. The Comparis website is fully offline; attackers demand around $400,000 (CHF 370,000) in cryptocurrency.

    3. Comparis restores its website; the company states no ransom was paid.

    4. Zurich cantonal police confirm forensic analysis showed attackers accessed certain internal customer data.

    Sources

    1. swissinfo.ch: https://www.swissinfo.ch/eng/sci-tech/ransomware-attackers-demand--400-000-from-swiss-website/46770612
    2. swissinfo.ch: https://www.swissinfo.ch/eng/sci-tech/ransomware-attack-at-comparis-resulted-in-data-breach/46789448
    3. swissinfo.ch: https://www.swissinfo.ch/eng/business/more-swiss-firms-facing-cyber-attacks-and-ransom-demands/47009868
    4. cyberlands.io: https://www.cyberlands.io/topsecuritybreachesswitzerland
