On This Page: [hide]
X-Cart is an e-commerce solution that was acquired by Seller Labs last year. According to X-Cart’s official website, the company has more than 20 years of experience. Unfortunately, the platform suffered a ransomware attack, which took place at the end of October.
X-Cart ransomware attacks: the details
The incident affected a small percentage of the company’s infrastructure running on their shared hosting servers, while the core systems remained safe.
As a result of it, customer stores hosted on X-Cart’s hosting platform were brought down. The attack was possible due to a vulnerability in a third-party application that let attackers gain access to the company’s hosting systems.
Vulnerabilities often become gateways to various cyberattacks, as evident by the many cases HowToHosting.guide has covered. An example of an incident that took place thanks to a vulnerability is the File Manager plugin bug which endangered more than 700,000 WordPress sites.
Not much is known about the vulnerability, which enabled the ransomware attack, as the company doesn’t wish to disclose anything before reaching a final conclusion.
It appears that the threat actors obtained access to a few servers which were encrypted. The encryption knocked down X-Cart customer stores, some of which went down completely, whereas others couldn’t send email alerts. Fortunately, all affected websites have been restored.
How did X-Cart’s customers react to the ransomware attack?
Not surprisingly, those who were seriously impacted by the cyber incident were rather unhappy, as some of them tried to put together a class-action lawsuit against the service provider, ZDNet reported.
Did the provider pay ransomware criminals? Instead of paying any ransom money, the company restored the data via backups. In fact, it is noteworthy that the cybercriminals didn’t provide any way to communicate with them.
This is not the first case of ransomware criminals attacking web hosting platforms. Such attacks were registered against companies such as Equinix, A2 Hosting, CyrusOne, and Cognizant.