CH Media Falls Victim to Play Ransomware

A Deep Dive into the Cybersecurity Incident

Swiss media giant CH Media has become a victim of the notorious Play ransomware, a cyberattack that has left the company reeling and facing the release of sensitive information. This article aims to provide a comprehensive analysis of the incident, including the background of Play ransomware, the details of the attack on CH Media, and the implications for the company and other potential targets.

The Rise of Play Ransomware

Play ransomware is a relative newcomer to the ransomware game, having been detected for the first time in June 2022. Nevertheless, it has rapidly gained notoriety for its devastating attacks on both large and small businesses across the globe. The ransomware employs an encryption algorithm to lock victims’ files, rendering them inaccessible, in “.play” format, until a ransom is paid. The attackers behind Play ransomware have been known to demand significant sums in Bitcoin and other cryptocurrencies, often threatening to leak stolen data if their demands are not met.

Some of the high-profile victims of Play ransomware include major corporations, government agencies, and educational institutions. The list of victims include, for example, BMW France, Skoda Praha, A10 Networks,, Energie Pool Schweiz, Austria Presse Agentur, SUNY Polytechnic Institute and many more. The attacks have resulted in significant financial losses, reputational damage, and operational disruptions for the affected organizations.

CH Media: A Brief Overview

CH Media was founded in 2018 as a joint venture between AZ Medien and the NZZ Media Group, two leading Swiss media companies. The organization has grown rapidly since its inception, becoming a major player in the Swiss media landscape. CH Media operates a diverse portfolio of brands, including,,, and, which collectively attract millions of visitors each month. The company has also expanded into television and radio broadcasting, further solidifying its position as a dominant force in Swiss media.

Photo by Philipp Potocnik

The Attack on CH Media

On April 10, 2023, CH Media fell victim to a Play ransomware attack. The cybercriminals behind the attack managed to infiltrate the company’s network and encrypt a significant portion of its data. Details surrounding the exact method of intrusion remain unclear, but it is known that the cyber criminals are using sophisticated tools to carry out cyber attacks on their victims.

The attackers have first released a portion of the stolen data, estimated to be around 5 GB, and then, on May 3, the full data has been released. The breach purportedly includes private and personal confidential information, payroll data, employee information, and details of various projects.

The leaked data has been made available through a dark web site, with a download link and a password provided by the attackers. The password has been widely circulated, raising concerns about the potential for further harm as more individuals gain access to the sensitive information.

Play Ransomware darknet page

The Implications for CH Media and Beyond

The Play ransomware attack on CH Media is a stark reminder of the ever-present threat of cybercrime, particularly for high-profile organizations with valuable intellectual property and customer data. The release of sensitive data can bring consequences for CH Media, including legal liabilities, and financial losses.

For other organizations, the attack on CH Media serves as a wake-up call to prioritize cybersecurity in an increasingly connected world. Companies must take a proactive approach to securing their networks and be prepared to respond swiftly to incidents when they occur.

Moreover, the incident underscores the importance of collaboration between organizations, law enforcement, and cybersecurity experts in the fight against cybercrime. By sharing threat intelligence and best practices, organizations can better defend against the ever-evolving tactics employed by cybercriminals.

The fight against cybercrime is one that requires constant vigilance, innovation, and collaboration. By working together, businesses, governments, and cybersecurity experts can build a more resilient digital landscape, ensuring that the valuable information that drives our world remains protected.

If you liked this article, we advise you to read our previous article about the new fraud uncovered by Follow us on Twitter and LinkedIn for more content.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web.