
😈 Ragnar Locker ransomware 😈 claims attack on Portugal's flag airline ☠️

Updated: Dec 16, 2022

CyberMorans,

In an earlier post, we ventured into the dark web. We found a lot of services and nefarious sites... that was a good one, you should check it out. Anyway, in that post, I showed you how to find ransomware groups' .onion sites and even showed a few of those websites. One of these examples was Ragnar Locker 😈, one of the biggest and most notorious ransomware groups in the world ☠️

Well Morans, we have a new announcement and leaks on their site. This time the victim is TAP Air Portugal, a huge Portuguese carrier airline. The attack was disclosed by the airline after its systems were hit on Thursday night (01/09/2022).

The company said the attack was blocked and added that it found no evidence indicating the attackers gained access to customer information stored on impacted servers.


"TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed," the airline operator revealed in a statement on Friday via its official Twitter account.

"No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability."


On Monday, the airline also published an alert saying that its website and app are down because of the Thursday cyberattack.

It also added that customers could book flights, manage previously made bookings, and check in and download their boarding passes WITHOUT logging in.

Even though TAP is yet to confirm if this was a ransomware attack, the Ragnar Locker ransomware gang 😈 posted a new entry on their data leak website today, claiming to be behind the cyberattack that hit TAP's network.


The ransomware group 😈 says it has "reasons" to believe that hundreds of Gigabytes of data might have been compromised in the incident and threatened to provide "irrefutable evidence" to disprove TAP's statement that its customers' data wasn't accessed in the incident.


"Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised) 🤭," the gang says.

Ragnar Locker also shared a screenshot of a spreadsheet containing what looks like customer information stolen from TAP's servers, including names, dates of birth, emails, and addresses 👇

Ragnar Locker ransomware attack proof 😋


Ragnar Locker ransomware payloads were first observed in attacks against several targets in late December 2019. Actors using Ragnar Locker ransomware have also encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and asked for a 1580 BTC ransom, more than $10 million at the time.


A list of Ragnar Locker's past victims also includes Japanese game maker Capcom, computer chip manufacturer ADATA, and aviation giant Dassault Falcon.


In March, the FBI said that Ragnar Locker ransomware had been deployed on the networks of at least 52 organizations from multiple US critical infrastructure sectors since April 2020.

TAP (short for Transportes Aéreos Portugueses) is the largest airline in Portugal, accounting for more than 50% of arrivals and departures at the Lisbon International Airport.

Source: BleepingComputer

 

Conclusion

Subscribe to receive notifications of similar posts 😋 where we will be reverse engineering malware and covering the technical aspects of vulnerabilities, as well as how an attacker may use a vulnerability as an attack vector, and other infosec stuff... 😋


Morans,

Thank you for your time. Like and leave a comment/review and, as always, stay awesome! 😋👊 💪
