Posted on November 9, 2020 at 11:59 AM
E-commerce Platform X-Cart Recovers from a Ransomware attack
E-commerce platform X-Cart was recently attacked with ransomware. However, the company revealed it has since recovered from the attack and all its services have returned to normal.
The ransomware infected X-Cart systems at the end of last month and brought down customer stores on the firm’s hosting platform.
According to reports on the ransomware attack, the incident took place after the threat actors successfully exploited a bug in third-party software, gaining access to the company’s store hosting systems.
Seller Labs is the parent company of X-Cart, and its Vice President of Marketing, Jeff Cohen, has commented on the development. He said the company had identified the vulnerability but did not want to make it public until its security team had confirmed it.
Core systems not impacted
Cohen also revealed that the attackers were able to access and encrypt some servers, effectively disrupting the X-Cart stores and taking them down. According to him, some of the stores were completely down while some others had issues and sent email alerts.
“The outage impacted a small percentage of our infrastructure, mainly those on our shared hosting servers,” Cohen said. He also revealed that the company’s main systems were not impacted by the attack, and assured customers that all their websites have been restored and are back in full operation.
However, the outage that lasted for some days did not go down well with some store owners as they are organizing a class-action lawsuit against the store host.
Class-action lawsuit imminent
The downtime hit some X-Cart customers hard, and some of them are gathering evidence to file a case against the platform. Responding to the imminent lawsuit, Cohen said the company’s main priority is to get its customers’ websites up and running as quickly as possible. The idea is to restore all systems to provide a secure and stable network.
He said the company has kept communication lines open to assist any customer affected by the incident. The firm is also asking customers to reach out with any queries or issues they may be facing, with their websites or otherwise.
No ransom was paid
Most ransomware attacks break into the target server, encrypt the data, and demand a ransom in exchange for decrypting it. However, Cohen said Seller Labs didn’t pay any ransom because the hacker had not set up any communication channel for such a negotiation to take place. He said the company restored the systems from backups rather than wait for the hackers to try to communicate.
The platform’s downloadable e-commerce CMS was not affected by the X-Cart ransomware incident, according to the statement credited to Cohen.
Ransomware Investigation still ongoing
The company stated that it learned that some of its systems were down on October 21, and subsequently discovered the issue was a result of a ransomware attack. The attack has caused severe issues for X-Cart customers, as the sites of some of the customers went down for a few hours.
Some of the systems were even inactive for several days. Even after they were restored, they had to be readjusted to fit the configuration. Email servers and DKIM records were also affected: the email system was disrupted, and communication between systems was impaired for some days.
Meanwhile, Seller Labs said the investigation into the ransomware incident is still ongoing, and the company will inform users about any new findings from the investigation.
The company said the third-party tool has been identified, but it does not want to make any information about it public yet. It added that, although the impact of the ransomware attack has been reduced, the whole system will return to 100% performance capacity in a few days.
Ransomware incidents in the web hosting industry
X-Cart is not the only web hosting platform with recent ransomware attack incidents. Several others have been attacked in recent times, including Internet Navana, Dataresolution.net, SmarterASP, A2 Hosting, Cognizant, CyrusOne, as well as Equinix.