Ragnar Locker ransomware responsible for an attack on Portugal’s flag carrier, ‘Hundreds of Gigabytes’ of Customer Data Stolen

The Ragnar Locker ransomware gang has claimed responsibility for an attack on Portugal’s flag carrier, TAP Air Portugal, which was revealed by the airline after its systems were compromised on Thursday night. The company stated that the attempt was stopped and that no evidence indicated that the attackers had access to consumer information stored on the targeted servers.

“TAP was the target of a cyber-attack, which has now been stopped. The operational integrity is ensured “The airline disclosed the news on Friday via its official Twitter account.

“There are no facts that lead us to believe that consumer data was improperly accessed. The website and app are still unstable.” The airline also issued an advisory on Monday, stating that its website and app are down due to the Thursday cyberattack. Customers could also purchase flights, modify previously made bookings, check in, and get boarding passes without checking in.

TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding. pic.twitter.com/zQASbpNtXx

— TAP Air Portugal (@tapairportugal) August 26, 2022

TAP has yet to clarify whether this was a ransomware attack, but the Ragnar Locker ransomware gang made a new entry on their data leak website today, claiming responsibility for last week’s cyberattack on TAP’s network. The ransomware gang claims to have “reasons” to believe that hundreds of Gigabytes of data were hacked in the event and has vowed to offer “irrefutable evidence” to refute TAP’s claim that its customers’ data was not accessed.

“Several days ago, Tap Air Portugal issued a press release in which they confidently claimed that they had successfully repulsed the cyber attack and that no data had been touched ” the gang says. Ragnar Locker also posted a screenshot of a spreadsheet that appears to contain customer data stolen from TAP’s servers, such as names, dates of birth, emails, and addresses.

Ragnar Locker ransomware payloads were initially seen in late December 2019 attacks against a variety of targets. Attackers utilizing Ragnar Locker ransomware seized the systems of Energias de Portugal (EDP), a Portuguese multinational energy company, and demanded a 1580 BTC ransom.

Ragnar Locker’s previous victims include Japanese video game company Capcom, computer semiconductor manufacturer ADATA, and aviation giant Dassault Falcon. The FBI announced in March that Ragnar Locker ransomware had been deployed on the networks of at least 52 businesses across several critical infrastructure sectors in the United States since April 2020. TAP (Transportes Aéreos Portugueses) is Portugal’s largest airline, accounting for almost half of all arrivals and departures at Lisbon International Airport in 2019.