X-Cart… Suffers a Ransomware Breach

The e-commerce software platform X-Cart suffered a ransomware attack; the infection brought down customers’ e-stores hosted by the company on its platform.

The software and services company X-Cart was recently acquired by Seller Labs, the premier software and services provider for Amazon sellers and brands.

The company immediately launched an internal investigation and discovered that threat actors exploited a vulnerability in a third-party software management tool to access the hosting platform and install the ransomware.

“An outage of any kind is disruptive to our customers and impacts each of them differently. The X-Cart team remains focused on helping customers get back to business.”

Threat actors gained access to a small portion of the platform and encrypted some of its servers, bringing down the X-Cart stores they were hosting.

Users reported that the systems were down for several days. In some cases customers restored their operations but claimed to have missed order information and settings changes.

The company claims that its core systems were not impacted and states that all customer websites have since been restored.

X-Cart pointed out that the outage was “limited to customers that were on our shared hosting plans” and none of its dedicated hosting clients were impacted.

In response to this initiative, Cohen said the company’s “first priority” during the ransomware attack “has been to get every customer back online and ensure we have a stable and secure system.”

At this time, it is not clear which family of ransomware infected the systems at the hosting platform.

X-Cart joins the long list of breached companies

Capcom unfazed by a breach, and it’s serious

Capcom, home to many iconic franchises such as Street Fighter, Resident Evil and Monster Hunter, is the latest victim of a cyber attack. A report claims that Capcom was the victim of a ransomware attack by a program called Ragnar Locker. Ragnar Locker is a specific ransomware that attacks vulnerable systems by peppering them with small-scale attacks until it finally breaks through.

Capcom stated that the attack occurred in the early hours of November 2 and affected access to certain systems, including email and file servers. Capcom has confirmed a third party was responsible for the attack. As a result of the attack, Capcom says it has halted some operations of its internal networks.

“Capcom expressed its deepest regret for any inconvenience this may cause to its various stakeholders,” Capcom wrote. “Further, it stated that at present there is no indication that any customer information was breached. This incident has not affected connections for playing the company’s games online or access to its various websites.”

Ransomware has been on the rise lately and is the latest cyber security threat that big organizations need to be wary of. As the name suggests, once the information is stolen, those responsible for the attack hold the information hostage until demands are met. The trade-off is that the attackers promise to delete the information once their payment has been received, although, as ransomware attacks continue, this is becoming increasingly less common.

The attackers claim to have stolen 1 TB of unencrypted files from the corporate networks in Japan, the USA, and Canada. This includes all kinds of private and sensitive corporate data ranging from financial reports, intellectual property information, and even company emails and messenger conversations.

But Capcom claimed that no data has been stolen and that all of it is intact. It is working on restoring the systems.

Maze shutting down finally 💫

The Maze cybercrime gang, which began operating in May 2019, is shutting down its operations after rising to become one of the most prominent players performing ransomware attacks.

Maze introduced a double-extortion tactic: exfiltrating the data before encrypting it.

Once the data is encrypted, they demand a ransom. If the victim fails to pay, they publish the data on the Maze site, which started to come into the limelight.

This double-extortion technique was quickly adopted by other large ransomware operations, including REvil, Clop, DoppelPaymer, who released their own data leak sites. This double-extortion technique has now become a standard tactic used by almost all ransomware operations.

Maze continued to evolve ransomware operations by forming a ransomware cartel with Ragnar Locker and LockBit, to share information and tactics.

During their year and a half cybercrime spree, Maze has been responsible for attacks on notable victims, including Southwire, City of Pensacola, Canon, LG Electronics, Xerox, and many more.

Maze started to shut down six weeks ago, in a similar manner as GandCrab did in 2019. Lastly, the Barnes and Noble ransomware attack.

This threat actor stated that they take part in ransomware attacks by compromising networks and stealing Windows domain credentials. The compromised networks are then passed to affiliates who deploy the ransomware.

Maze has started to remove victims that they had listed on their data leak site. All that is left on the site are two victims and those who previously had all of their data published. The cleaning up of the data leak site indicates that the ransomware operation’s shutdown is imminent.

It is not uncommon for ransomware operations to release the master decryption keys when they shut down their operation, as was done with Crysis, TeslaCrypt, and Shade.

Maze affiliates have switched over to a new ransomware operation called Egregor, which began operating in the middle of September, just as Maze started shutting down their encryption operation.

This is believed to be the same underlying software as both Maze and Sekhmet as they utilize the same ransom notes, similar payment site naming, and share much of the same code.

This was also confirmed by a ransomware threat actor who stated that Maze, Sekhmet, and Egregor were the same software. When a ransomware operation shuts down, it does not mean the threat actors involved retire as well. They just move to the next ransomware operation.

Reddy’s Lab Suffers a breach

A cyber attack at Dr Reddy’s Laboratories has prompted a temporary shutdown of its key production plants across the world, confirmed the pharma company’s filing to the stock exchange on Thursday.

The data breach reportedly occurred at the company’s key plants in the United States, United Kingdom, Brazil, India, and Russia. The share price of Dr Reddy’s dropped as much as 4.3% following the news of the data breach.

This comes just days after the Drugs Controller General of India greenlighted phase II and III trials of Sputnik-V in India on 17 October.

"We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this," said Mukesh Rathi, CIO, Dr Reddy's Laboratories, stating they have detected a cyber attack.

The Russian Direct Investment Fund (RDIF) and Dr Reddy’s entered into a partnership to conduct clinical trials for the Russian coronavirus vaccine in India in September. As part of the cooperation, the RDIF will supply 100 million vaccine doses to Dr Reddy’s upon regulatory approval in India.

Sputnik V, developed by the Gamaleya Research Institute of Epidemiology and Microbiology and produced in conjunction with the Russian Direct Investment Fund (RDIF), became the world’s first registered vaccine against the coronavirus.