Swiss Companies Pay Ransom to Hackers Ruag’s Secret Payment to Cybercriminals
- Ruag, a Swiss federally owned defense and aerospace company, paid a ransom to the Akira ransomware group after a cyberattack targeted its U.S.
- The transaction was handled through Ruag's American branch, as reported by ICTjournal.
- Ruag opted for the payment to mitigate the impact of the Akira group's attack on its U.S.
Ruag, a Swiss federally owned defense and aerospace company, paid a ransom to the Akira ransomware group after a cyberattack targeted its U.S. subsidiary, according to reports from Le Temps, ICTjournal, and 24 Heures. The payment contradicts general security guidelines advising against rewarding cybercriminals and reveals a pattern of Swiss firms settling with hackers in secret.
The transaction was handled through Ruag’s American branch, as reported by ICTjournal. While the company initially maintained a level of discretion regarding the breach, Solutions-Numeriques reports that the federal entity paid the ransom in silence to resolve the crisis.
Why did Ruag pay the Akira ransomware group?
Ruag opted for the payment to mitigate the impact of the Akira group’s attack on its U.S. operations. The Akira group typically targets corporate networks to encrypt data and threaten the release of sensitive information if demands aren’t met.

According to Zonebourse Suisse, hackers in these types of campaigns often demand several million dollars. Ruag’s decision to pay via a foreign subsidiary allows the parent company to manage the fallout away from direct Swiss federal oversight, according to reporting from Solutions-Numeriques.
How common are ransomware payments among Swiss companies?
Many Swiss businesses pay ransoms despite public claims to the contrary, according to Le Temps. The publication reports that there is a significant gap between the official stance of Swiss corporate leadership and their actual responses to cyber extortion.
Companies often choose payment over public disclosure to avoid:
- Reputational damage associated with security failures.
- Potential drops in valuation or investor confidence.
- The prolonged operational downtime required to restore systems from backups.
What are the implications for Swiss federal entities?
The Ruag case is distinct because of the company’s ties to the Swiss government. Solutions-Numeriques notes that when a federal-linked entity pays a ransom, it potentially undermines national cybersecurity strategies that discourage such payments to prevent further attacks.
The reporting across outlets shows a contrast in how the event is framed. While 24 Heures focuses on the fact of the payment, ICTjournal provides the specific detail that the U.S. subsidiary served as the payment vehicle. This distinction suggests a strategic attempt to insulate the Swiss headquarters from the direct legal or political ramifications of the payout.
Cybersecurity experts cited in the reporting suggest that paying ransoms does not guarantee the return of data or prevent future targeting. Instead, it signals to groups like Akira that the organization is a viable target for financial extortion.
