Ragnar Locker ransomware operatives have claimed responsibility for last week’s cyber attack on TAP Air, Portugal’s flag airline.
The claim comes after TAP last week issued a terse announcement admitting it suffered a cyberattack. It followed up on Twitter, saying the incident was contained, with no evidence that the threat actors accessed customer data.
“TAP was the target of a cyber-attack, now blocked,” the airline tweeted. “Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability. Thank you for your understanding.”
In a second follow-up, TAP said it “continues to adopt, with the support of an external international entity and in coordination with the authorities, all appropriate containment and remediation measures to protect the company and its customers.”
It also noted that “allegations are being made that an organised cybercrime group has stolen customer data.”
According to the Dark Web, those allegations are true.
On their name-and-shame site, Ragnar Locker operatives have now claimed responsibility for the attack, sharing images that appear to show compromised TAP customer information, including names, dates of birth, emails and addresses, as reported by Bleeping Computer.
The gang believes it is sitting on “hundreds of gigabytes” of data pilfered from TAP’s servers.
It is unclear what the ransom demands are, or whether TAP plans to cooperate with their aggressors to keep them from publishing or selling the data.
Last month, in a nearly identical scenario, the Ragnar Locker crew hacked DESFA, one of Greece’s major natural gas operators, “with a confirmed impact on the availability of some systems and possible leakage of a number of directories and files,” according to the company.