The Clop ransomware group strikes again. On Thursday, the gang claimed that it stole 2 million credit cards from South Korean retailer E-Land over a one-year period, in a campaign that ended with a ransomware attack on the company’s headquarters in November.
The ransomware group stole payment-card data and credentials for more than a year before ending the campaign with an attack last month that shut down many of the South Korean retailer’s stores.
Operators of Clop ransomware reportedly stated that they were responsible for the November attack that forced E-Land, a subsidiary of E-Land Global, to shut down 23 of its New Core and NC Department Store locations.
The group had infiltrated the organisation long before that, and was already stealing data before the attack using point-of-sale (POS) malware it had installed on the network, the operators said in a Bleeping Computer interview posted Thursday.
“Over a year ago, we hacked their network, everything is as usual,” the group told Bleeping Computer. “We thought what to do, installed POS malware and left it for a year.”
The group claimed that the company did not suspect it was leaking data and seemed taken by surprise by the Clop ransomware attack on November 22, which forced E-Land to suspend operations at nearly half of its stores in South Korea, the report said.
E-Land acknowledged, in a statement posted on its website the day of the attack, that a ransomware attack against the company’s headquarters server not only forced some store closures but also caused some damage to E-Land’s network and systems. E-Land immediately shut down the server to prevent further damage, the company said.
However, customer information and sensitive data were safe from the attack because these “are encrypted on a separate server,” the company said at the time. “It is in a safe state because it is managed.”
E-Land began working with authorities immediately after the attack to recover from the damage, and the investigation and recovery are ongoing.
The Clop ransomware gang was first discovered in February 2019 by MalwareHunterTeam and since then has been a persistent threat with a particularly potent modus operandi. Clop uses a tactic called “double extortion,” which means it steals the data and then, if the victim does not meet ransom demands, dumps it on underground criminal forums for anyone to access.
The group’s last major known attack happened in October, when it targeted Software AG, a German multinational with operations in more than 70 countries, and demanded a massive $23 million ransom, threatening to dump stolen data if the company didn’t pay.
In April, the Clop gang struck biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on cyber-criminal forums after the ransom went unpaid.
Security issues trouble many organisations that were unprepared for the move, and threat actors have been attacking vulnerable systems and zero-day flaws with abandon.
The threat is so great that ransomware and the extortion tactics that follow it are among the leading threats on the horizon for 2021, mainly due to the fallout from the pandemic, researchers from Kaspersky observed in a predictive report posted last week.