The Nefilim Ransomware Group Has Hit ‘Spirit Airlines’

By Bill Toulas / March 6, 2021

The Florida-based low-cost airline "Spirit Airlines" has been hit by the Nefilim ransomware group, which is already publishing samples of the stolen data on their dark web portal. The first block of the stolen data has a size of 40GB.

It contains over 33,000 files, including financial information and various sensitive personal details of customers who bought a ticket and flew with Spirit between 2006 and 2021. So, apparently, the stolen data corresponds to the last 15 years of the airline’s operational information.

We have used specialized dark web intelligence tools provided by KELA to check what type of data is being leaked exactly. Unfortunately, we’ve seen credit card lists and detailed transaction records, email addresses, holder names, and partially hidden card numbers.

Source: KELA

On one of the sets, the crooks are leaking dispute records where one can see dates, credit card details (partial again), travel and ticket-related details, and a short description of the dispute. These details are obviously violating the privacy of the exposed individuals and open the door to spammers, scammers, phishing actors, and even extortionists, depending on the case.


For this reason, one would expect Spirit Airlines to send out notices of a breach immediately. Still, when writing this, the low-cost airline hasn’t made any public statements about the leaking data, hasn’t distributed any notices to its customers, and hasn’t even acknowledged any security incidents. So it wouldn’t be far-fetched to suggest that the airline may not have realized the breach yet, so Nefilim actors could still be roaming on its network.

It is very hard not to notice the encryption and system lock-down aspect of a ransomware infection. However, if Nefilim snatched the data from an unprotected database or a backup server that isn’t used for "live" operations, then the "Spirit Airlines" IT team wouldn’t notice it immediately. Also, considering that ultra-low-cost airlines cut expenses everywhere they can, especially during these times when the pandemic shattered their business, maintaining an active IT team that monitors everything would be improbable.

We have reached out to the customer service of Spirit Airlines, and we will update this piece as soon as we hear back from them.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: