E-commerce software platform X-Cart was hit by a ransomware attack which brought down customer stores hosted on the company’s hosting platform.
The incident which occurred at the end of October is believed to have taken place due to an exploitation of a vulnerability in a third-party software to attain access to X-Cart’s store hosting systems.
According to Jeff Cohen, VP of Marketing for Seller Labs, the company behind X-Cart, the vulnerability has been identified but does not wish to reveal the name until it is confirmed by their security firm.
Cohen stated that the attackers managed to access a small number of servers, which they encrypted resulting in bringing down X-Cart stores running on top of the impacted systems. While some stores went down completely, few others reported issues with sending email alerts.
The attack has affected only a small percentage of the infrastructure, especially those on the shared hosting servers. However, the core systems were not affected.
All the customer websites have been restored now.
Cohen said that the company’s first priority was to get back every customer online and ensure that they have a stable and secure system.
The communication channels are kept open with any customer affected by the ransomware attack. Cohen stated that they have restored from backups and they did not make any payments and also the hackers didn’t provide any way to communicate.
X-Cart’s free/downloadable e-commerce CMS has not been affected following the ransomware incident.
As of now it is not clear what ransomware has infected the systems at the hosting platform.