The Nefilim Ransomware Group Has Hit ‘Spirit Airlines’

  • American ultra-low-cost airline “Spirit Airlines” has suffered a ransomware breach by the Nefilim group.
  • Parts of the stolen data are leaked on the dark web, and they contain credit card and transaction details.
  • The airline hasn’t acknowledged the security incident yet, nor has it sent out notices of a breach.

The Florida-based low-cost airline “Spirit Airlines” has been hit by the Nefilim ransomware group, which is already publishing samples of the stolen data on their dark web portal. The first block of the stolen data has a size of 40GB.

It contains over 33,000 files, including financial information and various sensitive personal details of customers who bought a ticket and flew with Spirit between 2006 and 2021. So, apparently, the stolen data corresponds to the last 15 years of the airline’s operational information.

We have used specialized dark web intelligence tools provided by KELA to check what type of data is being leaked exactly. Unfortunately, we’ve seen credit card lists and detailed transaction records, email addresses, holder names, and partially hidden card numbers.

Source: KELA

On one of the sets, the crooks are leaking dispute records where one can see dates, credit card details (partial again), travel and ticket-related details, and a short description of the dispute. The exposure of these details obviously violates the privacy of the affected individuals and opens the door to spammers, scammers, phishing actors, and even extortionists, depending on the case.

Source: Suspectfile.com

For this reason, one would expect Spirit Airlines to send out notices of a breach immediately. Still, at the time of writing, the low-cost airline hasn’t made any public statements about the leaking data, hasn’t distributed any notices to its customers, and hasn’t even acknowledged any security incidents. It wouldn’t be far-fetched to suggest that the airline may not have realized the breach yet, in which case Nefilim actors could still be roaming on its network.

It is very hard not to notice the encryption and system lock-down aspect of a ransomware infection. However, if Nefilim snatched the data from an unprotected database or a backup server that isn’t used for “live” operations, then the “Spirit Airlines” IT team wouldn’t notice it immediately. Also, considering that ultra-low-cost airlines cut expenses everywhere they can, especially during these times when the pandemic shattered their business, maintaining an active IT team that monitors everything would be improbable.

We have reached out to the customer service of Spirit Airlines, and we will update this piece as soon as we hear back from them.
