Clop Ransomware Group Claims Theft of Over 2 Million Credit Cards From E-Land Retail


Monday, December 21st, 2020

The Clop ransomware gang is claiming to have stolen over 2 million credit cards from the popular retailer E-Land over a one-year period that ended with last month’s ransomware attack. E-Land Retail is a subsidiary of E-Land Global and operates numerous retail clothing stores. In November of 2020, E-Land Retail was forced to shut down twenty-three NC Department Store and New Core locations after suffering a ransomware attack from Clop.

While E-Land claimed that the attack “caused some damage to the company’s network and systems,” customer information and other sensitive data could be retrieved thanks to an encrypted backup maintained on a separate server. However, in a recent interview with BleepingComputer, the cyber gang behind the Clop ransomware attack claims to have compromised E-Land’s network for over a year and to have been quietly stealing credit cards using POS malware installed on the compromised network. They claim to have operated with impunity for over a year before the final ransomware attack and to have stolen the Track 2 data for 2 million credit cards thanks to the POS malware.

POS malware is used to scan the memory of point-of-sale (POS) terminals as credit card transactions occur. When credit card data is detected, the malware copies the credit card information as Track 1 or Track 2 data and transmits it back to the threat actor’s server. The credit cards that Clop claims to have stolen are in the form of Track 2 data, which includes a credit card number, the expiration date, and other information. Because Track 2 data does not contain a credit card’s CVV code, threat actors can only use it to create fake credit cards for in-store purchases. The group also claims to have targeted approximately 90,000 IP addresses within E-Land’s network.
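From the defender's side, the fixed structure of Track 2 data makes it possible to check logs or captured output from POS hosts for unencrypted card data. The following is an added example, not part of the original article: the field layout follows ISO/IEC 7813, and the function names and sample log lines are constructed for illustration.

```python
import re

# Track 2 layout (ISO/IEC 7813): ;PAN=YYMM, 3-digit service code, discretionary data, ?
TRACK2_RE = re.compile(r";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Report only the first six and last four digits, never the full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track2(text: str):
    """Return findings for Track 2-shaped strings with a valid PAN and expiry month."""
    findings = []
    for m in TRACK2_RE.finditer(text):
        pan, yy, mm, service, _discretionary = m.groups()
        if not luhn_ok(pan) or not 1 <= int(mm) <= 12:
            continue            # looks like Track 2 but fails validation
        findings.append({"offset": m.start(), "pan_masked": mask(pan),
                         "expiry": f"{mm}/{yy}", "service_code": service})
    return findings

# Constructed sample input. 4111111111111111 is a widely used test number, not a real card.
SAMPLE = "\n".join([
    "2020-11-20 10:01:02 pos-07 txn=1001 status=approved amount=42000",
    "2020-11-20 10:01:03 pos-07 debug buf=;4111111111111111=25121010000000000?",
    "2020-11-20 10:01:04 pos-07 debug buf=;4111111111111112=25121010000000000?",
    "2020-11-20 10:01:05 pos-07 order=1234567890123456 shipped",
])

if __name__ == "__main__":
    for finding in find_track2(SAMPLE):
        print(finding)
```

Only the second sample line is reported: the third fails the Luhn check and the fourth has no Track 2 framing, which is how the validation steps keep false positives down.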

