Cropwise (Syngenta Group) in Switzerland suffered an extortion ransomware attack attributed to shadowbyt3$, with unauthorized access to https://operations.cropwise.com/d/users/sign_in and https://accounts.cropwise.com/signin. The threat actor claims 10.4MB of data was stolen, and demands payment to prevent further leakage and maximize damage. #Switzerland
Incident Details
- Victim: Cropwise (Syngenta Group)
- Sector: Agriculture and Food Production
- Country: CH
- Actor: shadowbyt3$
- Source:
- Discovered: 2026-06-02T04:20:12.877865+00:00
- Published: 2026-06-02T04:20:11.382939+00:00
Information
- Access to the operations and accounts portals was obtained.
- Approximately 10.4 MB of data was stolen.
- Stolen data reportedly included user identities and access credentials such as full names, corporate email addresses, phone numbers, password hashes, session tokens, and API keys.
- Precision agronomy and farm metrics were allegedly taken, including GIS field boundary files, NDVI imagery, growth tracking data, problem zone flags, and yield prediction models.
- Operational treatment records were reportedly compromised, covering pesticide and fertilizer applications, crop types, seeding timelines, and harvesting schedules.
- Telematics and fleet diagnostics data were also claimed, including GPS location paths, work shifts, operational speeds, and machine driver field locations.
- A ransom demand was issued, with a deadline of 48 hours to respond.
- The threat actors claimed they would leak the data, contact media, and email affected individuals if the demand was not met.
- Payment was requested in Bitcoin or Monero.
Disclaimer: This post is based on public claims made by the ransomware group "shadowbyt3$". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.