{
	"id": "88d04291-898a-40a6-9583-906a16c3444b",
	"created_at": "2026-04-06T00:20:14.483292Z",
	"updated_at": "2026-04-10T13:12:35.949462Z",
	"deleted_at": null,
	"sha1_hash": "dd5b60470be348699af45d475f2f7e07c9935794",
	"title": "Ragnar Locker ransomware claims attack on Portugal's flag airline",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2350552,
	"plain_text": "Ragnar Locker ransomware claims attack on Portugal's flag airline\r\nBy Sergiu Gatlan\r\nPublished: 2022-08-31 · Archived: 2026-04-05 19:39:44 UTC\r\nThe Ragnar Locker ransomware gang has claimed an attack on the flag carrier of Portugal, TAP Air Portugal, disclosed by\r\nthe airline after its systems were hit on Thursday night.\r\nThe company said the attack was blocked and added that it found no evidence indicating the attackers gained access to\r\ncustomer information stored on impacted servers.\r\n\"TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed,\" the airline operator revealed in a\r\nstatement on Friday via its official Twitter account.\r\nhttps://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"No facts have been found that allow us to conclude that there has been improper access to customer data. The website and\r\napp still have some instability.\"\r\nOn Monday, the airline also published an alert saying that its website and app are unable because of the Thursday\r\ncyberattack.\r\nIt also added that customers could book flights, manage previously made bookings, and check in and download their\r\nboarding passes without logging in.\r\nEven though TAP is yet to confirm if this was a ransomware attack, the Ragnar Locker ransomware gang posted a new entry\r\non their data leak website today, claiming to be behind last week's cyberattack that hit TAP's network.\r\nThe ransomware group says it has \"reasons\" to believe that hundreds of Gigabytes of data might have been compromised in\r\nthe incident and threatened to provide \"irrefutable evidence\" to disprove TAP's statement that its customers' data wasn't\r\naccessed in the incident.\r\n\"Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled\r\nthe cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be\r\ncompromised),\" the gang says.\r\nRagnar Locker also shared a screenshot of a spreadsheet containing what looks like customer information stolen from TAP's\r\nservers, including names, dates of birth, emails, and addresses.\r\nRagnar Locker ransomware attack proof (BleepingComputer)\r\nRagnar Locker ransomware payloads were first observed in attacks against several targets in late December 2019.\r\nhttps://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/\r\nPage 3 of 4\n\nAttackers using Ragnar Locker ransomware have also encrypted the systems of Portuguese multinational energy giant\r\nEnergias de Portugal (EDP) and asked for a 1580 BTC ransom (the equivalent of more than $10 million at the time).\r\nA list of Ragnar Locker's past victims also includes Japanese game maker Capcom, computer chip manufacturer ADATA,\r\nand aviation giant Dassault Falcon.\r\nIn March, the FBI said that Ragnar Locker ransomware had been deployed on the networks of at least 52 organizations from\r\nmultiple US critical infrastructure sectors since April 2020.\r\nTAP (short for Transportes Aéreos Portugueses) is the largest airline in Portugal, accounting for more than 50% of arrivals\r\nand departures at the Lisbon International Airport in 2019.\r\nTAP Air Portugal didn't reply to a request for comment when BleepingComputer reached out earlier today.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/\r\nhttps://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/"
	],
	"report_names": [
		"ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline"
	],
	"threat_actors": [],
	"ts_created_at": 1775434814,
	"ts_updated_at": 1775826755,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dd5b60470be348699af45d475f2f7e07c9935794.pdf",
		"text": "https://archive.orkl.eu/dd5b60470be348699af45d475f2f7e07c9935794.txt",
		"img": "https://archive.orkl.eu/dd5b60470be348699af45d475f2f7e07c9935794.jpg"
	}
}