A prominent ransomware gang claimed responsibility for a hit on Portugal's flag carrier TAP Air, which was first reported by the airline on Thursday night.
The airline said it blocked the ransomware attack, emphasizing it found no evidence attackers had gained access to customer information stored on their affected servers.
In a tweet on Friday, Transportes Aéreos Portugueses (TAP) Air revealed that it was a target of a cyber-attack, which it blocked. "Operational integrity is guaranteed," the airline operator added in its statement.
Ragnar Locker Says Hundreds of Gigabytes of TAP Customer Data Might Have Been Compromised
Although TAP has yet to confirm if the cyberattack was indeed a ransomware attack, the notorious Ragnar Locker ransomware gang confirmed its participation in the TAP hit on their data leak website on Wednesday, saying it was behind the cyberattack that hit Portuguese airline's network.
In addition, the ransomware group said it has "reasons" to believe that hundreds of Gigabytes of data might have been hacked as it threatened to provide "irrefutable evidence" to disprove TAP's claim that its customers' data was not compromised.
The gang said that while TAP issued a press release that no customer data was compromised, it had reasons to believe that hundreds of gigabytes of customer data "might have been compromised."
Ragnar Locker also presented a screenshot of a supposed spreadsheet that carried what appears like customer information obtained from TAP's servers, such as specific names, dates of birth, emails, and addresses.
It added that while "no facts have been found" to conclude that there was "improper access," the TAP Air website and app "still have some instability."
On Monday, TAP Air issued an alert stressing that its website and app were unavailable due to the attack on Thursday.
The airline likewise added that customers may still book flights, manage previously made bookings, or check in and download their boarding passes without having to log in.
Ragnar Locker ransomware payloads were first seen in attacks against multiple targets in late December 2019.
Other Ragnar Locker Attacks Hit Utilities, Tech Companies, Critical Infrastructure
Using Ragnar Locker ransomware, attackers have also encrypted the systems of Portuguese multinational energy company Energias de Portugal (EDP) and asked for a ransom of 1,580 BTC ransom, which is equivalent to more than $10 million at the time of the attack.
Ragnar Locker's past victims include Japanese game developer Capcom, computer chipmaker ADATA, and aviation giant Dassault Falcon.
In March, the US Federal Bureau of Investigation (FBI) said that Ragnar Locker ransomware had been utilized in attacks targeting networks of at least 52 organizations from several US critical infrastructure sectors since April 2020.
TAP is the largest airline in Portugal, accounting for more than 50 percent of arrivals and departures at the Lisbon International Airport in 2019.
TAP has yet to issue a further statement on the matter.