Ecommerce Platform X-Cart Hit By Ransomware Caused Outage

Do you sell goods and services directly from your company’s website? Do you use X-Cart to do it?

If you answered yes to both of those questions, you may have had some issues with your sales platform.

Thankfully, the issues now seem to have been resolved, but according to the software vendor that makes X-Cart, the issue stemmed from a ransomware attack the company recently suffered. It brought down customer stores that were hosted on the company’s platform.

While few details are known at this point, the issue seems to have arisen when attackers exploited a vulnerability in some third-party software that allowed them to gain access to X-Cart’s store hosting system. Jeff Cohen is the VP of Marketing for Seller Labs, which is the company that produced X-Cart.

Cohen had this to say about the matter:

“We have identified what we believed to have been the vulnerability but do not wish to disclose the name until its confirmed by our security firm.”

Reading between the lines of this statement, it appears that the investigation into the matter is still ongoing. However, apparently the attackers encrypted a small number of X-Cart’s servers, which was enough to grind the system to a halt. Of interest, the hackers did not demand a ransom, nor provide any way for Seller Labs to communicate with them, so the company restored their servers from recent backups.

Not all stores were impacted evenly. Some went offline completely, while others simply reported issues with sending email alerts. In any case, Seller Labs moved quickly to restore service and the outage lasted only a few days. Unfortunately, a few days is a very long time, and some of X-Cart’s customers are not happy, nor are they satisfied with the rather limited information the company has provided to this point. This prompted them to band together and serve Seller Labs with a Class Action lawsuit.

Everything seems to be back to normal at this point, but if your company was impacted, it pays to be aware of the pending lawsuit and consider how you might wish to proceed.