RagnarLocker Ransomware Gang Claims TAP Air Portugal as Its Second Victim in Two Weeks

The Ragnar Locker gang is claiming to have stolen hundreds of gigabytes of data, including customer data, from TAP Air’s systems.

September 2, 2022

This week, the RagnarLocker ransomware gang said it successfully laid bare the systems of TAP Air Portugal, the country’s state-owned air carrier. The cybercriminal syndicate posted a screenshot of a spreadsheet on its leak site, suggesting that it managed to exfiltrate hundreds of gigabytes of data before being cut off.

RagnarLocker’s notice comes days after TAP Air confirmed on Friday, August 26, that it had been targeted a day before, on Thursday. Even though TAP Air was targeted, the airline said it had no reason to believe that any data was taken. The attack did disrupt its website and app, which became unstable. The company tweeted:

TAP Air’s version of the story remains unsubstantiated, at least publicly, considering the screenshot of the data BleepingComputer obtained contains the names, dates of birth, emails, and addresses of TAP Air’s passengers.


Screenshot of the TAP Air Portugal Data that RagnarLocker Ransomware Claims | Source: BleepingComputer


“Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised),” RagnarLocker said, according to BleepingComputer.

It is unclear whether the RagnarLocker ransomware gang demanded a ransom from TAP Air Portugal.

Although the RagnarLocker strain has existed since late 2019 and was discovered only in April 2020, the ransomware gang earned notoriety in 2021 when it upped the ante against critical infrastructure sectors.

By January 2022, RagnarLocker’s impact was felt by 52 organizations across 10 critical infrastructure sectors, including manufacturing, energy, financial services, government, and IT, as noted by the FBI and CISA in a flash alert dating to March 2022.

And going by the latest report from Cybereason’s global SOC team, the worst is yet to come.

Before targeting TAP Air Portugal, the RagnarLocker ransomware gang also victimized Greek gas operator DESFA in August 2022. Officially, DESFA stated it wouldn’t negotiate with cybercriminals, but a cybersecurity researcher opined that they could be negotiating.

Greece sits at the crossroads of the gas supply from the Middle East to Europe, making it a strategic target. The entire continent relies significantly on Russia for its energy needs. Come winter, countries will need to find alternatives to the energy supply from Russia, which has limited its exports to Europe.

Cybersecurity firm Dragos discovered that the highest number of ransomware incidents were against European (37%) and North American (29%) industrial organizations, indicating that most of these attacks were politically motivated.

The attack against DESFA is the third against an energy company in August 2022, the others being BlackCat ransomware hitting Creos/Encevo and Hive ransomware targeting China’s ENN Group.

Dragos also found that energy and transportation were the third- and fourth-most targeted industrial sectors in Q2 2022, followed by oil and gas at #5.


Sumeet Wadhwani

Asst. Editor, Spiceworks Ziff Davis

An earnest copywriter at heart, Sumeet is what you'd call a jack of all trades, rather techs. A self-proclaimed 'half-engineer', he dropped out of Computer Engineering to answer his creative calling pertaining to all things digital. He now writes what techies engineer. As a technology editor and writer for News and Feature articles on Spiceworks (formerly Toolbox), Sumeet covers a broad range of topics from cybersecurity, cloud, AI, emerging tech innovation, hardware, semiconductors, et al. Sumeet compounds his geopolitical interests with cartophilia and antiquarianism, not to mention the economics of current world affairs. He bleeds Blue for Chelsea and Team India! To share quotes or your inputs for stories, please get in touch on sumeet_wadhwani@swzd.com