- Ransomware gang c10p seems to have claimed his last victim
- Sam’s Club – Walmart Wholesale Club Investigation on the violation
- The violation is most likely part of a previous exploitation of a vulnerability to transfer key files
The infamous gang of Ransomware C10P has published files which, according to him, belong to the organization of membership belonging to Walmart, Sam’s Club. The group published a message on a dark flight site saying that “the company does not care about its customers, it has ignored their security !!!”
This is the latest development of an attack prior to the end of 2024, where vulnerability in the transfer of key files led to compromise of at least two dozen organizations, the C10P claiming responsibility for stealing the information.
Cybernews researchers have discovered the information disclosed, but the Sam’s Club said that there is currently no evidence of a security incident or an intrusion, although the problem is studied.
Ransomware resurgence
The SAM club claims to have more than 70 million members and more than 2 million employees, with locations in North America and Central America.
Customers of the SAM club can fulfill medical prescriptions and offer health screening, which means that the violation may have exposed information on the health of extremely sensitive customers. His alleged hackers intercepted personal data of approximately 100,000 employees in the violation, although the scope of the compromise is not yet known.
The C10P is a notorious ransomware gang and has been so prolific that it fuels a resurgence of ransomware in 2025, claiming responsibility for 385 attacks during the first weeks of the year.
“The gang of clop ransomware is still hay while the Solet Transfer Secred Solet vulnerable continues to shine for them, ratifying about half a billion dollars to date – a fairly amazing success,” confirmed Matt Aldridge, principal consultant of the main solutions at OpenText Cybersecurity.
“This continues an increasing trend that we see from ransomware gangs focusing on extortion based on data theft rather than purely refused access to data through the use of encryption.”
The group was created in 2019 and has since been responsible for one of the largest cyber attacks of 2023 – a violation which saw the data of more than 600 stolen organizations, with more than 40 million affected customers.
