![Ransomware gang confesses the crime of stealing 2 mn credit cards from E Land Ransomware gang confesses the crime of stealing 2 mn credit cards from E Land](https://varindia.com/storage/news/uploads/2018/02/5fcafb3587f77.jpg)
Clop ransomware confesses to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month’s ransomware attack.
E-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC Department Store.
E-Land Retail, last month had to shut down 23 NC Department Store and New Core locations after suffering a CLOP ransomware attack.
At the time of the attack, E-Land Retail stated that sensitive customer data was safe as it was encrypted on another server.
"Although this ransomware attack caused some damage to the company's network and system, Customer information and sensitive data are encrypted on a separate server."
"It is in a safe state because it is managed," E-Land Retail CEO Chang-Hyun Seok disclosed in a notice on their web site.
However, in an interview with an online news portal, the CLOP ransomware operators claimed to have breached E-Land over a year ago and have been quietly stealing credit cards using POS malware installed on the network.
"Over a year ago, we hacked their network, everything is as usual. We thought what to do, installed POS malware and left it for a year. Before the lock, the cards were collected and deciphered, for a whole year the company did not suspect and did nothing," the CLOP gang confessed..
Using the installed POS malware, CLOP told BleepingComputer that they stole the Track 2 data for 2 million credit cards over the past year.
CLOP claims that the stolen credit cards are in the form of Track 2 data, which includes a credit card number, the expiration date, and other information. It does not, though, contain a credit cards CVV code, so threat actors can only use it to create fake credit cards for in-store purchases.
CLOP also further said that they have targeted approximately 90k IP addresses, but are unsure as to how many were actually encrypted.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.