Clop ransomware claimed to have stolen 2 million credit cards from E-Land Retail over a one-year period. E-Land Retail, a subsidiary of E-Land Global, operates numerous retail clothing stores, including New Core and NC Department Store.Last months, E-Land retail shut down number of stores after suffering a CLOP ransomware attack. E-Land Retail assure that this ransomware attack has not affected the customer data which was kept on different server in encrypted form.
Ransomware operators no longer lead with encrypting data. Rather, many are taking their time to understand their victim environments, navigating throughout the infrastructure to find valuable information that is worth stealing as well as gaining an understanding of what information is worth encrypting with ransomware, and how much they should charge.
If the groups claims are to be believed, they had been inside the network for over a year. This is why it\’s important for organisations to try and prevent criminal gangs entering their environment to begin with by having good technical controls such as perimeter controls, patching software, MFA, and security awareness training amongst others. Similarly, it\’s important to have strong monitoring and threat detection controls in place so that any infiltration can be quickly and reliably detected so that remedial action can be taken.
This is a timely reminder that Ransomware operators have changed their tactics and become far more targeted. Not only are they performing data theft and public bullying, but they remain active inside an organisation for extended periods prior to detection. In this case, valuable credit card details were stolen from retail Point of Sale systems- such systems are often unable to be covered by end point security software.
In situations such as these, the performance and analytical power of AI is needed to detect the subtle indicators of ransomware behaviours and the misuse of privileged credentials from networks and the cloud. This can be done at a speed and scale that humans and traditional signature-based tools simply cannot achieve. Ransomware will continue to be a potent tool in cybercriminals’ arsenals as they attempt to exploit, coerce, and capitalise on organisations’ valuable digital assets.
For those looking to transfer the financial risk of ransomware to insurers should also take note that S&P recently predicted a 20-30% hike in cyber insurance premiums, and even some policies containing ransomware specific restrictions. This means the ability to quickly and accurately detect and respond to the early stages of a ransomware operation compromising your systems, will become even more critical.