Missing order information and setting changes are apparently hampering recovery efforts

EXCLUSIVE A recent ransomware attack on a third-party software management tool caused outages for customers of e-commerce platform provider X-Cart.

The disruption, which sparked anguish and frustration among customers on X-Cart’s private forum, prompted one participant on the message board to tip off The Daily Swig.

Our tipster, who asked to remain anonymous, said X-Cart had to restore systems from backups, adding that there may be a time gap since the last restoration, meaning data will be lost as a result of the incident.

In response to queries from The Daily Swig, Jeff Cohen, vice president of marketing at X-Cart, offered a statement last Thursday (October 29) confirming the incident but stating the problem was well in hand:

On October 21, 2020, at approximately 11 am EST, X-Cart in cooperation with our infrastructure provider identified that some of our servers were down due to a ransomware attack. All customer websites have since been restored.

The vulnerability was in a 3rd party software tool we used to manage our service infrastructure. We have removed this tool from our systems and are working with a security firm to confirm the source of entry and identify the ransomware strain. Once that report is ready, we will share it with our customers.

An outage of any kind is disruptive to our customers and impacts each of them differently. The X-Cart team remains focused on helping customers get back to business.

Our anonymous tipster reacted to these comments by stating that the breach caused severe problems for many X-Cart customers.

Systems were “down for several days, there were customers restored [with] missing order information and settings changes”, they said.

“Email servers were also impacted as DKIM records and such weren’t set up,” the tipster added.

Recovery efforts

Posts on the X-Cart forum as late as last Friday suggested that issues with email systems remained a problem for some customers.

Pressed to comment specifically on the number of customers affected and the disruption they might have faced, X-Cart’s Cohen offered a less gloomy assessment.

The issue was “limited to customers that were on our shared hosting plans” and “none of our dedicated hosting clients were impacted,” according to Cohen. “In addition, it did not impact the core code.”

X-Cart’s Cohen concluded: “Clients impacted were down for one-[to]-three days and it may have impacted their website and email.”

Meanwhile, an investigation by X-Cart into the incident continues.

“At this time, we believe we know the third-party tool but do not want to disclose it until our security agency confirms and completes the audit,” Cohen explained. “They have narrowed down the ransomware strain but have not reported the final findings.

“The ransomware hackers do not provide a way to communicate so to comply with US laws we had to work on a recovery process.”

The ransomware-triggered outage at X-Cart follows a seemingly unrelated incident back in August when X-Cart resolved an unauthenticated file write issue that posed a remote code execution risk to its platform.
