- Seoul-based retail giant ‘E-Land’ was forced to close 23 out of its 50 stores due to ransomware.
- The company contracted investigators and informed the police, so there are no plans to pay the ransom.
- The threat actors may have stolen highly sensitive data from E-Land’s network, but this hasn’t been confirmed yet.
South Korean retail giant ‘E-Land’ suffered a ransomware attack over the weekend and made it public on Sunday. The compromise of the corporate network disrupted operations at 23 physical stores, including the “NC Department Store” and the “NewCore Outlet.”
That is a disruption of 46% of the total number of stores owned and operated by the ‘E-Land Group,’ happening during the “Black Friday” week. These stores were shut down to protect the others from being affected, too, so there was a response from the company’s IT team.
This is an indication of where ransomware actors are planning to hit this week, as obstructing sales at this moment in time is catastrophic for retailers. It could result in quick ransom payments with little negotiation, as the stores want to get back to normal operations and to selling goods to customers.
‘E-Land’ hasn’t admitted paying anything to the actors, however. Instead, the company says it informed the police about the cyber-attack and asked them to investigate its origin. Based on that, the actors should not expect a payment, which is typical for East Asian companies. The firm’s problem, though, is not only the business disruption but also the potential data breach that stems from the file exfiltration that happens when ransomware attacks occur.
The ‘E-Land’ conglomerate operates fashion apparel stores, restaurants, theme parks, hotels, and even construction businesses, so it is possible that the compromised data is extremely sensitive. The company has only declared the attack and the start of investigations, so nothing has been disclosed on that front yet. If there’s any data to use for extortion, we’ll get to know about it in a week, which is usually when the first samples are publicly leaked on dedicated dark web portals.