It only took CLOP Ransomware group one year to steal two million credit cards from E-Land Retail, operator of retail clothing stores.

In November, E-Land Retail fell victim to a ransomware attack.

CLOP Ransomware confessed to having been in E-Land Retail’s environment for a year to fully comprehend the network. Under extreme surveillance, CLOP knew the correct time to deploy its ransomware. Once they became aware of the presence, E-Land Retail was forced to shut down twenty-three locations.

CLOP Ransomware deployed point-of-sale (POS) malware on the network to obtain credit card information. All this time, E-Land Retail had no idea and suspected nothing out of the ordinary.

Once a customer makes a transaction in the store at the register using a credit card, their information is given to the threat group. In other words, when the credit card is swiped, the malware copies its information and sends it to the threat actor’s server.

CLOP’s strategy allowed them to take the credit card number, the expiration date, but not the CVV code.

CLOP Ransomware is known for backdoor commands and lives in memory. In the past, CLOP Ransomware has stolen and encrypted sensitive data, then posted it on their data leak site when the ransom demand was not paid. In April, CLOP released the data of the biopharmaceutical company, ExecuPharm, because of an ignored ransom demand.

Sometimes the ransom requests are not the worst part of an attack. What can be detrimental to an organization is the negative publicity that arises, and destruction of the brand’s reputation as a trusted vendor.

As the holidays approach us, online shopping is going to be on the list. Be mindful and aware of where you are inserting your card information. Online stores and retailers need to pay close attention to their network and assess the environment frequently to avoid an attack.

Most threat actors are smart, and they know attacking your organization when it’s not ready is beneficial for them. The SpearTip Security Operations Center (SOC) is actively monitoring environments 24-hours a day and this allows us to respond to these incidents rapidly.

The engineers we employ are highly technical and certified, but we don’t stop there. The ShadowSpear® Platform we’ve generated allows our partners full visibility of their risk profile, while stopping threats in their tracks at the same time. ShadowSpear® has been deployed over thousands of systems in the world and protects businesses of any size from attacks by malicious threat actors.