Ransomware Attack on SuperCommerce by KillSec Raises Cybersecurity Concerns

Incident Date: September 16, 2024

Overview

Victim: SuperCommerce
Attacker: KillSec
Location: Riyadh, Saudi Arabia
First Reported: September 16, 2024

Ransomware Attack on SuperCommerce by KillSec: A Detailed Analysis

SuperCommerce, a prominent e-commerce platform headquartered in Riyadh, Saudi Arabia, has recently fallen victim to a ransomware attack orchestrated by the notorious KillSec group. This incident has raised significant concerns within the cybersecurity community, given the platform's critical role in facilitating advanced e-commerce solutions for businesses across the Middle East and Africa.

About SuperCommerce

Founded in 2020, SuperCommerce, originally known as El-dokan, is a technology-driven e-commerce platform designed to enhance online shopping experiences for large retailers and chain stores. The company employs a headless commerce architecture, which decouples the frontend user interface from backend processing systems, allowing for highly customizable and flexible e-commerce solutions. This architecture, combined with the platform's composability, enables businesses to manage product data in real-time, automate order management, and implement personalized promotions.

SuperCommerce has reported significant achievements, including helping clients generate over $45 million in Gross Merchandise Volume (GMV) as of September 2022. The company employs between 50 and 99 individuals and has revenue estimates ranging from $1 million to $5 million.

Details of the Attack

The ransomware group KillSec has claimed responsibility for the attack on SuperCommerce. The attackers have reportedly infiltrated SuperCommerce's systems and exfiltrated data from several Egyptian companies that utilize the platform. The compromised entities include Al-Abdellatif Eltarshouby Pharmacy, Alamal Pharmacies, Amen, Am Salah, CPS Pharmacies, Crocs Egypt, Doss Pharmacies, Dotra, Etisal Store, Footloose, Greens Pharmacies, Kareem Stores, MakkahPharmacy, Mobilaty, Nabda, Ogawa Egypt, and Star House.

The stolen data encompasses client information such as names and phone numbers, delivery addresses, product details including SKU, name, quantity, price, and discounted price, as well as order information like order IDs and dates. Additionally, package delivery details and receipts from Egyptian logistics companies Aramex and Bosta have also been compromised.

About KillSec

KillSec, also known as Kill Security, is a ransomware group known for targeting various industries and countries. The group has been active in sectors such as government, manufacturing, defense, professional services, banking, and finance. KillSec uses a variety of communication channels, including Telegram, Session Messenger, and Tox, and demands extortion amounts ranging from 1,500 EUR to 10,000 EUR, typically in Monero (XMR) cryptocurrency.

KillSec distinguishes itself through its extensive targeting and significant extortion demands. The group is tracked and monitored by various cybersecurity platforms, including ID Ransomware and Ransom-DB. The recent attack on SuperCommerce highlights the group's capability to penetrate sophisticated systems, likely exploiting vulnerabilities in the platform's API integrations or other security gaps.

Implications and Response

The attack on SuperCommerce underscores the growing threat of ransomware to e-commerce platforms and the critical need for advanced cybersecurity measures. As SuperCommerce works to mitigate the impact of this breach, the incident serves as a stark reminder of the importance of continuous vigilance and advanced security protocols in the digital age.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.