Trans Maldivian Airways data breach is the newest to the debacle of cyber attacks on airlines after RansomHouse group added the airways to their victim list. The threat group claims to have access to 350 GB of company data.
Trans Maldivian Airways is a private airline based in Velana International Airport in the Maldives. It is the oldest seaplane transfer operator in the country, connecting tourists to various resorts.
Trans Maldivian Data Breach may have likely occurred on December 31, after the hacker group claims to have encrypted the data. The company is yet to comment on TCE’s email enquiry.
RansomHouse #Ransomware group added Trans Maldivian Airways(https://t.co/OVl9GGRRVP), to their victim list. They claim to have access to 350GB of company data.#Maldives #DarkWeb #DeepWeb #CyberRisk #databreach pic.twitter.com/t4ebo4pt3e
— FalconFeedsio (@FalconFeedsio) January 13, 2023
Trans Maldivian Data Breach: The Scale
Trans Maldivian currently offers transfer services to more than eighty resorts in the island nation. The Maldives’ collection of islands is the main draw for tourists visiting the country.
If the ransomware claims are true, the threat actors could get access to the details of tourists from all over the world.
The tourism industry is the biggest contributor to the Maldives’ economy, bringing in significant foreign exchange revenue and providing jobs for 25,000 people in the service sector.
China, Germany, UK, Italy, and India lead among international visitors to Maldives. The country welcomed its one millionth visitor of 2022 in August.
Airlines and cyber attacks
Trans Maldivian Airways is the latest in the line of several victims in the sector.
“The airline industry is an attractive target for cyber threat actors with a multitude of motivations, ranging from stealing value in data or money to causing disruptions and harm,” said an IATA briefing on aviation and cybersecurity.
Indian airline operator Akasa Air suffered a data breach that leaked the personal information of its passengers, including their email addresses, names, gender, and other private information, in August 2022.
ALPHV ransomware in November claimed to have attacked Thailand-based low-cost airline Nok Air. The Cyber Express found screenshots of the stolen data posted on the ransomware’s data leak website on November 20, 2022.
The threat group claims to have exfiltrated over 500GB of data. The airline primarily provides domestic services in Thailand, at Bangkok’s Don Mueang International Airport.
Shortly, Malaysian airline AirAsia suffered a ransomware attack that exposed the data of over 5 million customers. The details exposed in the attack included names, dates of birth, and country of birth, among others. As per reports, the Daixin team claimed responsibility for the breach.
RansomHouse, an unusual threat actor
Security researchers speculate that RansomHouse is a collection of frustrated white hats who have collectively been pushed to the point of punishing organizations that continue to have lax security in their infrastructure, said a Malwarebytes Labs threat assessment.
This cyber extortion group, which came up in cybersecurity news in 2022, gains access to victims’ networks by exploiting vulnerabilities, stealing data, and then threatening to sell it to the highest bidder or leak it on their website unless the victim pays a ransom.
This group is different from others as they present themselves as penetration testers and bug bounty hunters, according to the Malwarebytes Labs assessment.
They steal data from their targets and then offer to delete it and provide a report on the vulnerabilities they exploited in exchange for payment. According to the mode of operation, the security practices of Trans Maldivian Airways will face some scrutiny.