# Ransomware gang says they stole 2 million credit cards from E-Land **[bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/](https://www.bleepingcomputer.com/news/security/ransomware-gang-says-they-stole-2-million-credit-cards-from-e-land/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) December 3, 2020 02:02 AM 0 Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last months ransomware attack. E-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC Department Store. Last month, E-Land Retail had to shut down 23 NC Department Store and New Core locations after [suffering a CLOP ransomware attack.](https://www.bleepingcomputer.com/news/security/ransomware-forces-e-land-south-korean-retail-giant-to-close-stores/) At the time of the attack, E-Land Retail stated that sensitive customer data was safe as it was encrypted on another server. "Although this ransomware attack caused some damage to the company's network and system, Customer information and sensitive data are encrypted on a separate server." ----- It is in a safe state because it is managed, E-Land Retail CEO Chang-Hyun [Seok disclosed in a notice on their web site.](https://www.elandretail.com/service/customer_center_03.do?bbsID=380002&boardID=BID00000000000000377) However, in an interview with BleepingComputer, the CLOP ransomware operators claimed to have breached E-Land over a year ago and have been quietly stealing credit cards using POS malware installed on the network. "Over a year ago, we hacked their network, everything is as usual. We thought what to do, installed POS malware and left it for a year. Before the lock, the cards were collected and deciphered, for a whole year the company did not suspect and did nothing," the CLOP gang told BleepingComputer. Using the installed POS malware, CLOP told BleepingComputer that they stole the Track 2 data for 2 million credit cards over the past year. **Redacted sample of Track 2 data allegedly stolen by CLOP** POS malware is used to scan the memory of point-of-sale (POS) terminals as credit card transactions occur. When credit card data is detected, the malware copies the credit card information as Track 1 or Track 2 data and transmits it back to the threat actor's server. ----- **[POS malware attack model (Carbon Black)](https://www.bleepingcomputer.com/news/security/visa-warns-of-ongoing-cyber-attacks-on-gas-pump-pos-systems/)** The stolen credit cards that CLOP claims to have stolen are in the form of Track 2 data, which includes a credit card number, the expiration date, and other information. It does not, though, contain a credit cards CVV code, so threat actors can only use it to create fake credit cards for in-store purchases. CLOP also told BleepingComputer that they targeted approximately 90k IP addresses, but are unsure as to how many were actually encrypted. BleepingComputer has made repeated attempts to contact E-Land Global and E-Land Retail but have not received a reply to our emails. ## Related Articles: [Windows 11 KB5014019 breaks Trend Micro ransomware protection](https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/) [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New ‘Cheers’ Linux ransomware targets VMware ESXi servers](https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/) [SpiceJet airline passengers stranded after ransomware attack](https://www.bleepingcomputer.com/news/security/spicejet-airline-passengers-stranded-after-ransomware-attack/) [Microsoft: Credit card stealers are getting much stealthier](https://www.bleepingcomputer.com/news/security/microsoft-credit-card-stealers-are-getting-much-stealthier/) [Clop](https://www.bleepingcomputer.com/tag/clop/) [Credit Card](https://www.bleepingcomputer.com/tag/credit-card/) [E-Land](https://www.bleepingcomputer.com/tag/e-land/) ----- [E-Land Retail](https://www.bleepingcomputer.com/tag/e-land-retail/) [POS Malware](https://www.bleepingcomputer.com/tag/pos-malware/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/google/google-is-closing-3d-model-site-poly-to-focus-on-ar-experiences/) [Next Article](https://www.bleepingcomputer.com/news/security/android-apps-with-200-million-installs-vulnerable-to-security-bug/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ## You may also like: -----