Ragnar Locker Ransomware Claims Attack on Portugal’s Flag Airline
The Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by the airline after its systems were hit on Thursday night.
The company said the attack was blocked and added that it found no evidence indicating the attackers gained access to customer information stored on impacted servers.
“TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed,” the airline operator revealed in a statement on Friday via its official Twitter account.
Also Read: New licensing requirements for cyber-security service providers in 2022
“No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability.”
On Monday, the airline also published an alert saying that its website and app are unable because of the Thursday cyberattack.
It also added that customers could book flights, manage previously made bookings, and check in and download their boarding passes without logging in.
Even though TAP is yet to confirm if this was a ransomware attack, the Ragnar Locker ransomware gang posted a new entry on their data leak website today, claiming to be behind last week’s cyberattack that hit TAP’s network.
Also Read: A Closer Look: The Personal Information Protection Law in China
The ransomware group says it has “reasons” to believe that hundreds of Gigabytes of data might have been compromised in the incident and threatened to provide “irrefutable evidence” to disprove TAP’s statement that its customers’ data wasn’t accessed in the incident.
“Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised),” the gang says.
Ragnar Locker also shared a screenshot of a spreadsheet containing what looks like customer information stolen from TAP’s servers, including names, dates of birth, emails, and addresses.
Ragnar Locker ransomware payloads were first observed in attacks against several targets in late December 2019.
Attackers using Ragnar Locker ransomware have also encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and asked for a 1580 BTC ransom (the equivalent of more than $10 million at the time).
A list of Ragnar Locker’s past victims also includes Japanese game maker Capcom, computer chip manufacturer ADATA, and aviation giant Dassault Falcon.
In March, the FBI said that Ragnar Locker ransomware had been deployed on the networks of at least 52 organizations from multiple US critical infrastructure sectors since April 2020.
TAP (short for Transportes Aéreos Portugueses) is the largest airline in Portugal, accounting for more than 50% of arrivals and departures at the Lisbon International Airport in 2019.
TAP Air Portugal didn’t reply to a request for comment when BleepingComputer reached out earlier today.