Ransomware hits e-commerce platform X-Cart

Company says it has now recovered from the attack and all customer sites are now back up.

X-Cart

E-commerce software vendor X-Cart suffered a ransomware attack at the end of October that brought down customer stores hosted on the company's hosting platform.

Executive guide

Ransomware: One of the biggest menaces on the web

Everything you need to know about ransomware: how it started, why it's booming, how to protect against it, and what to do if your PC's infected.

Read More

The incident is believed to have taken place after attackers exploited a vulnerability in a third-party software to gain access to X-Cart's store hosting systems.

"We have identified what we believed to have been the vulnerability but do not wish to disclose the name until its confirmed by our security firm," Jeff Cohen, VP of Marketing for Seller Labs, the company behind X-Cart, told ZDNet in an email.

Cohen said the attackers gained access to a small number of servers, which they encrypted, effectively bringing down X-Cart stores running on top of the impacted systems. Some stores went down completely, while others reported issues with sending email alerts.

"The outage impacted a small percentage of our infrastructure, mainly those on our shared hosting servers.

"Our core systems were not impacted," Cohen said.

In the meantime, Cohen said that "all customer websites have since been restored."

Nevertheless, the outage, which lasted for a few days, rubbed some store owners the wrong way, with a few trying to organize a class-action lawsuit against the store hoster.

Class-action looming?

In response to this initiative, Cohen said the company's "first priority" during the ransomware attack "has been to get every customer back online and ensure we have a stable and secure system."

The Seller Labs exec said they are keeping communication channels open with any customer affected by the recent ransomware attack and encouraged them to reach out for help or discussions.

Asked if Seller Labs paid the ransomware gang to recover its files, Cohen said they chose to restore from backups, and that payment couldn't be made either way because "the hackers didn't provide any way to communicate."

X-Cart's free/downloadable e-commerce CMS isn't believed to have been impacted or tainted following the X-Cart ransomware incident.

X-Cart joins a long list of ransomware incidents that have impacted web hosting and data center providers. The list also includes EquinixCyrusOneCognizantA2 HostingSmarterASP.NETDataresolution.net, and Internet Nayana.

PortSwigger's The Daily Swig first reported on the X-Cart ransomware incident. ZDNet reported independently from a different source.