TAP (Transportes Aéreos Portugueses) Air Portugal is a state-owned flag carrier airline, headquartered at Lisbon Airport which also serves as its hub.

The member of the Star Alliance since 2005 operates on average 2,500 flights a week to 90 destinations in 34 countries worldwide, with its fleet that consists of 100 Airbus aircraft. The airline is the largest in Portugal, accounting for more than 50% of arrivals and departures at the Lisbon International Airport in 2019.

And this time, TAP became the target of a cyberattack launched by the Ragnar Locker Ransomware gang.

The hacker group that claimed to have attacked the flag carrier of Portugal, disclosed the hack after the airline's systems were hit.

During the attack, the airline published an alert that said that its website and app were unusable.

Fortunately, the airline said that the attack was then blocked, and later said that it found no evidence indicating the attackers gained access to customer information stored on impacted servers.

"TAP was the target of a cyber-attack, now blocked. Operational integrity is guaranteed," the airline operator revealed in a statement through its official Twitter account.

"No facts have been found that allow us to conclude that there has been improper access to customer data. The website and app still have some instability."

The company also added that as services started to resume normally, customers could book flight, manage previously made bookings, check in, and download their boarding passes.

However, the Ragnar Locker Ransomware Gang said that things were quite the opposite.

The hacker gang posted an entry on their data leak website to explain that it has "reasons" to believe that hundreds of gigabytes of data might have been compromised in the incident. The ransomware gang also threatened TAP to provide "irrefutable evidence" to disprove its statement that its customers' data wasn't accessed in the incident.

"Several days ago Tap Air Portugal made a press-release where they claimed with confidence that they successfully repelled the cyber attack and no data was compromised (but we do have some reasons to believe that hundreds of Gigabytes might be compromised)," the gang said.

Ragnar Locker also shared a screenshot of a spreadsheet containing what looks like customer information stolen from TAP's servers, including names, dates of birth, emails, and addresses.

Because data of more than 400,000 customers are at stake, if the statement by the ransomware gang is true, the case could lead the Portuguese airline to suffer a heavy fine from the regulator.

Ragnar Locker ransomware gang has been delivering their payloads in their attacks that can be traced back to late December 2019.

As for its targets, the hackers have encrypted systems owned by Portuguese multinational energy giant Energias de Portugal (EDP), and asked for a 1580 Bitcoin in ransom. At that time, this is the equivalent of more than $10 million.

Other victims include Japanese game maker Capcom, computer chip manufacturer ADATA, and aviation giant Dassault Falcon.

According to a report from the FBI, until March of 2022, the Ragnar Locker ransomware had been deployed on the networks of at least 52 organizations from multiple U.S. critical infrastructure sectors since April 2020.