Quote:The Clop ransomware group is at it again. On Thursday, the gang claimed that it stole 2 million credit cards from South Korean retailer E-Land over a one-year period, in a campaign that culminated with a ransomware attack on the company’s headquarters in November.
 
Operators of Clop ransomware reportedly said that they were responsible for the November attack that forced E-Land — a subsidiary of E-Land Global — to shut down 23 of its New Core and NC Department Store locations.
 
But the group had infiltrated the organization long before that, and was already stealing data before the attack using point-of-sale (POS) malware it had installed on the network, operators said in a Bleeping Computer interview posted Thursday.“Over a year ago, we hacked their network, everything is as usual,” the group told Bleeping Computer. “We thought what to do, installed POS malware and left it for a year.”
 
The group claimed that the company did not suspect it was leaking data and seemed taken by surprise by the Clop ransomware attack on Nov. 22, which forced E-Land to suspend operations at nearly half of its stores in South Korea, according to the report.
 
E-Land acknowledged that a ransomware attack against the company’s headquarters server not only forced some store closures but also caused some damage to E-Land’s network and systems, in a statement on its website posted the day of the attack. E-Land immediately shut down the server to prevent further damage, the company said.
However, customer information and sensitive data were safe from the attack because these “are encrypted on a separate server,” the company said at the time. “It is in a safe state because it is managed.”

E-Land began working with authorities immediately after the attack to recover damage, according to an investigation and recovery that is ongoing.