[BreachExchange] Ransomware hits e-commerce platform X-Cart

Destry Winant destry at riskbasedsecurity.com
Thu Nov 12 10:56:55 EST 2020


https://www.zdnet.com/article/ransomware-hits-e-commerce-platform-x-cart/

E-commerce software vendor X-Cart suffered a ransomware attack at the
end of October that brought down customer stores hosted on the
company's hosting platform.

The incident is believed to have taken place after attackers exploited
a vulnerability in a third-party software to gain access to X-Cart's
store hosting systems.

"We have identified what we believed to have been the vulnerability
but do not wish to disclose the name until its confirmed by our
security firm," Jeff Cohen, VP of Marketing for Seller Labs, the
company behind X-Cart, told ZDNet in an email.

Cohen said the attackers gained access to a small number of servers,
which they encrypted, effectively bringing down X-Cart stores running
on top of the impacted systems. Some stores went down completely,
while others reported issues with sending email alerts.

"The outage impacted a small percentage of our infrastructure, mainly
those on our shared hosting servers.

"Our core systems were not impacted," Cohen said.

In the meantime, Cohen said that "all customer websites have since
been restored."

Nevertheless, the outage, which lasted for a few days, rubbed some
store owners the wrong way, with a few trying to organize a
class-action lawsuit against the store hoster.

CLASS-ACTION LOOMING?

In response to this initiative, Cohen said the company's "first
priority" during the ransomware attack "has been to get every customer
back online and ensure we have a stable and secure system."

The Seller Labs exec said they are keeping communication channels open
with any customer affected by the recent ransomware attack and
encouraged them to reach out for help or discussions.

Asked if Seller Labs paid the ransomware gang to recover its files,
Cohen said they chose to restore from backups, and that payment
couldn't be made either way because "the hackers didn't provide any
way to communicate."

X-Cart's free/downloadable e-commerce CMS isn't believed to have been
impacted or tainted following the X-Cart ransomware incident.

X-Cart joins a long list of ransomware incidents that have impacted
web hosting and data center providers. The list also includes Equinix,
CyrusOne, Cognizant, A2 Hosting, SmarterASP.NET, Dataresolution.net,
and Internet Nayana.

PortSwigger's The Daily Swig first reported on the X-Cart ransomware
incident. ZDNet reported independently from a different source.


More information about the BreachExchange mailing list