At the end of October, the e-commerce software platform X-Cart suffered a ransomware attack, the infection brought down customers’ e-stores hosted by the company on its platform.
The software and services company X-Cart was recently acquired by Seller Labs, the premier software and services provider for Amazon sellers and brands.
The company immediately launched an internal investigation and discovered that threat actors exploited a vulnerability in third-party software management tool to access the hosting platform and install the ransomware.
“On October 21, 2020, at approximately 11 am EST, X-Cart in cooperation with our infrastructure provider identified that some of our servers were down due to a ransomware attack. All customer websites have since been restored.
The vulnerability was in a 3rd party software tool we used to manage our service infrastructure. We have removed this tool from our systems and are working with a security firm to confirm the source of entry and identify the ransomware strain. Once that report is ready, we will share it with our customers.” Jeff Cohen, vice president of marketing at X-cart, told The Daily Swig.
“An outage of any kind is disruptive to our customers and impacts each of them differently. The X-Cart team remains focused on helping customers get back to business.”
According to Cohen, threat actors gained access to a small portion of the platform and encrypted some of its servers bringing down the X-Cart stores they were hosting.
Users reported that the systems were down for several days, is some cases customers restored their operations but claimed to have missed order information and settings changes.
“Email servers were also impacted as DKIM records and such weren’’t set up,” states The Daily Swig.
The company claims that its core systems were not impacted and states that all customer websites have since been restored.
X-Cart pointed out that the outage was “limited to customers that were on our shared hosting plans” and none of its dedicated hosting clients were impacted.
In response to this initiative, Cohen said the company’s “first priority” during the ransomware attack “has been to get every customer back online and ensure we have a stable and secure system.”
According to Cohen, the company did not pay the ransom and recoverd its files from backups. He also added that the threat actors didn’t provide any way to communicate with them, and this is very strange for ransomware attacks.
“At this time, we believe we know the third-party tool but do not want to disclose it until our security agency confirms and completes the audit,” Cohen explained. “They have narrowed down the ransomware strain but have not reported the final findings.” concludes Cohen.
“The ransomware hackers do not provide a way to communicate so to comply with US laws we had to work on a recovery process.”
At the time, it is not clear the family of ransomware that infected the systems at the hosting platform.
(SecurityAffairs – hacking, X-Cart)