{
	"id": "b9c61d0f-f8a9-4189-85f6-7ef00419620c",
	"created_at": "2026-04-06T01:31:02.997616Z",
	"updated_at": "2026-04-10T03:24:29.566386Z",
	"deleted_at": null,
	"sha1_hash": "cda322f1ef1c9d0122d350e4afa1e481ac44e978",
	"title": "Ransomware gang says they stole 2 million credit cards from E-Land",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1878376,
	"plain_text": "Ransomware gang says they stole 2 million credit cards from E-Land\r\nBy Lawrence Abrams\r\nPublished: 2020-12-03 · Archived: 2026-04-06 00:43:12 UTC\r\nClop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with\r\nlast months ransomware attack.\r\nE-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC\r\nDepartment Store.\r\nLast month, E-Land Retail had to shut down 23 NC Department Store and New Core locations after suffering a CLOP\r\nransomware attack.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAt the time of the attack, E-Land Retail stated that sensitive customer data was safe as it was encrypted on another server.\r\n\"Although this ransomware attack caused some damage to the company's network and system, Customer information and\r\nsensitive data are encrypted on a separate server.\"\r\n\"It is in a safe state because it is managed,\" E-Land Retail CEO Chang-Hyun Seok disclosed in a notice on their web site.\r\nHowever, in an interview with BleepingComputer, the CLOP ransomware operators claimed to have breached E-Land over a\r\nyear ago and have been quietly stealing credit cards using POS malware installed on the network.\r\n\"Over a year ago, we hacked their network, everything is as usual. We thought what to do, installed POS malware and left it\r\nfor a year. Before the lock, the cards were collected and deciphered, for a whole year the company did not suspect and did\r\nnothing,\" the CLOP gang told BleepingComputer.\r\nUsing the installed POS malware, CLOP told BleepingComputer that they stole the Track 2 data for 2 million credit cards\r\nover the past year.\r\nRedacted sample of Track 2 data allegedly stolen by CLOP\r\nPOS malware is used to scan the memory of point-of-sale (POS) terminals as credit card transactions occur. When credit\r\ncard data is detected, the malware copies the credit card information as Track 1 or Track 2 data and transmits it back to the\r\nthreat actor's server.\r\nThe stolen credit cards that CLOP claims to have stolen are in the form of Track 2 data, which includes a credit card number,\r\nthe expiration date, and other information. It does not, though, contain a credit cards CVV code, so threat actors can only use\r\nit to create fake credit cards for in-store purchases.\r\nCLOP also told BleepingComputer that they targeted approximately 90k IP addresses, but are unsure as to how many were\r\nactually encrypted.\r\nBleepingComputer has made repeated attempts to contact E-Land Global and E-Land Retail but have not received a reply to\r\nour emails.\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/\r\nhttps://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/"
	],
	"report_names": [
		"ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439062,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cda322f1ef1c9d0122d350e4afa1e481ac44e978.pdf",
		"text": "https://archive.orkl.eu/cda322f1ef1c9d0122d350e4afa1e481ac44e978.txt",
		"img": "https://archive.orkl.eu/cda322f1ef1c9d0122d350e4afa1e481ac44e978.jpg"
	}
}