article featured image


On Thursday night, August 25, TAP Air Portugal was the victim of a cyberattack claimed by the Ragnar Locker ransomware gang on their website.

The largest airline in Portugal revealed the incident saying that the attack was stopped and the malicious actor leaked no customer information.

“TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed. No facts have been found that allow us to conclude that there has been improper access to customer data.”, the company declared on Friday via Twitter.

Even though on Monday on TAP website and app were still instabilities due to the Thursday cyberattack, the flight operator assured that passengers could book a flight, and manage reservations and boarding passes without logging in.

Who is Behind the Attack

The cyberattack on TAP Air Portugal was claimed by the Ragnar Locker ransomware gang but the airline company is yet to confirm if this was a ransomware attack or not.

On their data leak website, the ransomware group contradicts TAP’s statement regarding the customers’ data security saying that hundreds of Gigabytes of data might have been compromised in the cyberattack.

“Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyberattack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised),” the gang says, according to BleepingComputer.

On the same website, Ragnar Locker shared a document that seems to be a spreadsheet with customer information extracted from TAP’s servers: names, dates of birth, emails, and addresses.

What We Know About Ragnar Locker Ransomware

Ragnar Locker ransomware gang first appeared in late December 2019. Since then, a list of this group’s past targets includes Capcom, a Japanese game-making company, ADATA, a computer chip manufacturer, and the aviation giant Dassault Falcon.

Attackers using Ragnar Locker ransomware have also encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and asked for a 1580 BTC ransom (the equivalent of more than $10 million at the time).


From April 2020 to March 2022, Ragnar Locker ransomware seemed to be distributed on the networks of at least 52 organizations that are part of multiple US critical infrastructure sectors, according to the FBI.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.


Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *