Jump to content
  • Ragnar Locker ransomware claims attack on Portugal's flag airline

    alf9872000

    • 456 views
    • 3 minutes
     Share


    • 456 views
    • 3 minutes

    The Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by the airline after its systems were hit on Thursday night.

     

    The company said the attack was blocked and added that it found no evidence indicating the attackers gained access to customer information stored on impacted servers.

     

    "TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed," the airline operator revealed in a statement on Friday via its official Twitter account.

     

    "No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability."

     

    On Monday, the airline also published an alert saying that its website and app are unable because of the Thursday cyberattack.

     

    It also added that customers could book flights, manage previously made bookings, and check in and download their boarding passes without logging in.

     

    TAP Air cyberattack tweet

     

    Even though TAP is yet to confirm if this was a ransomware attack, the Ragnar Locker ransomware gang posted a new entry on their data leak website today, claiming to be behind last week's cyberattack that hit TAP's network.

     

    The ransomware group says it has "reasons" to believe that hundreds of Gigabytes of data might have been compromised in the incident and threatened to provide "irrefutable evidence" to disprove TAP's statement that its customers' data wasn't accessed in the incident.

     

    "Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised)," the gang says.

     

    Ragnar Locker also shared a screenshot of a spreadsheet containing what looks like customer information stolen from TAP's servers, including names, dates of birth, emails, and addresses.

     

    TAP_ransomware_attack_proof.jpeg
    Ragnar Locker ransomware attack proof (BleepingComputer)
     

    Ragnar Locker ransomware payloads were first observed in attacks against several targets in late December 2019.

     

    Attackers using Ragnar Locker ransomware have also encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and asked for a 1580 BTC ransom (the equivalent of more than $10 million at the time).

     

    A list of Ragnar Locker's past victims also includes Japanese game maker Capcom, computer chip manufacturer ADATA, and aviation giant Dassault Falcon.

     

    In March, the FBI said that Ragnar Locker ransomware had been deployed on the networks of at least 52 organizations from multiple US critical infrastructure sectors since April 2020.

     

    TAP (short for Transportes Aéreos Portugueses) is the largest airline in Portugal, accounting for more than 50% of arrivals and departures at the Lisbon International Airport in 2019.

     

    TAP Air Portugal didn't reply to a request for comment when BleepingComputer reached out earlier today.

     

    Source: BleepingComputer

    https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/

    • Like 3

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...