- Ransomware Gang C10P seems to have claimed his last victim
- Sam’s Club – Walmart Wholesale Club is investigating rape
- It is likely that the violation is part of an anterior exploitation of a vulnerability of transfer of Cleo files
Infamous Ransomware Gang C10P has published files that affirm that they belong to the membership organization owned by Walmart Sam’s Club. The group published a message on a dark escape site alleging “the company does not matter to its customers, it ignored its safety!”
This is the last development in an previous attack since the late 2024, where a vulnerability in the transfer of Cleo files led to the commitment of at least two dozen organizations, and C10P was rose to steal the information.
Cybernews researchers discovered the leaked information, but Sam’s Club told them that there is currently no evidence of a security or intrusion incident, although the problem is being investigated.
Ransomware Resurgence
Sam’s Club claims to have more than 70 million members, and more than 2 million employees, with locations in North and Central America.
Sam’s Club customers can fill medical recipes and offer health exams, which means that violation may have exhibited extremely sensitive customer health information. His alleged computer pirates intercepted the personal data of around 100,000 employees in the violation, although the scope of the commitment is not yet known.
C10P is a notorious ransomware gang, and has been so prolific that it is feeding a resurgence in ransomware in 2025, and realizes 385 attacks in the first weeks of the year.
“The Ransomware Clop gang is still making hay, while the vulnerable safe file transfer continues to shine for them, raising around half a billion dollars to date, a quite amazing success story,” confirmed Matt Aldridge, senior consultant of main solutions in Opensext Cybersecurity.
“This continues a growing trend that we are seeing from the ransomware gangs focused on extortion based on data theft instead of simply denied access to data by using encryption.”
The group was formed in 2019, and since then it has been responsible for one of the largest cyber attacks in 2023, a violation that stole the data of more than 600 organizations, with more than 40 million affected customers.
