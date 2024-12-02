According to Security Affairs, the company launched an internal investigation and discovered that threat actors exploited a vulnerability in a third-party software management tool to access the hosting platform and install the ransomware. The tool was immediately removed from their systems.

Meanwhile, the company started working with a security firm to confirm the source of entry and identify the ransomware strain. Moreover, according to the X-Cart's officials, the cybercriminals gained access to a small portion of the platform and encrypted some of its servers bringing down the X-Cart stores they were hosting. Users reported that the systems were down for several days. In some cases customers restored their operations but claimed to have missed order information and settings changes.

Furthermore, the company did not pay the ransom and recoverd its files from backups. However, the threat actors didn’t provide any way to communicate with them, which is very strange for ransomware attacks.