X-Cart, known for its e-commerce software, was struck with ransomware at the end of October. The attackers were able to access X-Cart’s store hosting systems, which caused some stores to go down completely, while others lost access to email services; other core services were not impacted. X-Cart believes the attack was made possible by a vulnerability in a third-party system, but they would not name it until they were certain. Some customers have begun talks about a class action lawsuit, but it remains to be seen whether that will be carried out. As for the ransom, X-Cart stated they will not pay it, mainly because they have decided to restore from backup and because the attackers provided no ransom payment instructions.
Ransomware continues to grow in scope as a criminal enterprise because it has proven to be extremely profitable for criminal operators. That trend shows no sign of slowing in the near future, but companies can prepare proactively to minimize the disruptive effects of any attempted ransomware attack. Having a solid backup strategy that is frequently tested and that cannot be destroyed by attackers is a good first step toward being able to recover from disaster. Putting layers of defense in place, including email scanning, patch management and employee education, is a wise move for reducing the number of attacks that make it through to execution. The last and best line of defense is a comprehensive security event monitoring and response capability that has detailed visibility into events on workstations, servers and network devices. Binary Defense recommends a Security Operations Center (SOC), either staffed in-house or provided as a managed security service. Our SOC Task Force will monitor endpoints for signs of intrusion 24/7 and make it a point to stop attacks before they cause greater damage.