The Cl0p Ransomware Gang's Attack on Allegiant Air

The Cl0p ransomware gang has attacked Allegiant Air. Allegiant Air was founded in January 1997 as WestJet Express and later rebranded as Allegiant Air in June 1998. It initially operated as a charter airline, focusing on leisure destinations from smaller regional airports to popular vacation spots. The airline primarily serves leisure destinations across the United States, including popular vacation spots like Las Vegas, Orlando, Myrtle Beach, and several locations in Florida, Arizona, and California. Allegiant Air often operates flights from smaller regional airports, making it convenient for travelers in smaller cities to access popular tourist destinations.

Cl0p posted Allegiant Air to its data leak site on July 18th, claiming to have stolen 40GB of organizational data. Cl0p is a major Ransomware-as-service (RaaS) platform first observed in 2019. Cl0p is a dangerous ransomware family because it has advanced anti-analysis capabilities and anti-virtual machine analysis to prevent investigations in an emulated environment like those commonly used by security tools. Cl0p is one of just a handful of threat actors that have developed a Linux version. While Linux has a tiny footprint in desktop computing, it runs ~80% of web servers and a substantial portion of embedded devices used in the healthcare field – and this means that Cl0p is likely actively recruiting new talent to help improve their platform and expand the scope of what and whom they can attack.