NCR is experiencing issues with its Aloha point-of-sale system due to a ransomware attack for which the BlackCat/ALPHV gang has claimed responsibility. NCR is an American software and technology consultancy firm that offers solutions for digital banking, POS systems, and payment processing for restaurants, enterprises, and shops.
Customers have been unable to access one of its products, the Aloha POS platform, which is employed in the hotel industry, since Wednesday due to an outage. After keeping quiet for several days, NCR has now revealed that the Aloha POS platform’s data centers were the target of a ransomware attack that caused the downtime.
“As a valued customer of NCR Corporation, we are reaching out with additional information about a single data center outage that is impacting a limited number of ancillary Aloha applications for a subset of our hospitality customers,” reads a customer email from Aloha POS. “Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation.” Additionally, law enforcement has been alerted.
According to a statement from NCR, only a “limited number of ancillary Aloha applications” and a portion of their Aloha POS hospitality clients are affected by this outage. However, Aloha POS customers have reported on Reddit that the downtime has seriously hampered their ability to conduct business. One customer, the manager of a small restaurant with about 100 staff members, commented on the AlohaPOS Reddit that the restaurant is trapped in the Stone Age, mailing to head office using the traditional pen-and-paper method, and that the entire scenario is a major headache.
Other users are worried about paying their employees on time, and some customers have advised manually extracting data from the data files until the outage ends. Unfortunately, these kinds of intrusions sometimes result in lengthy disruptions that are difficult to secure, as was the case with the recent DISH and Western Digital breaches.
Although NCR declined to disclose which ransomware operation was behind the attack, security researcher Dominic Alivieri discovered a brief post on the BlackCat/ALPHV ransomware gang’s data leak site in which the threat actors claimed responsibility. The post also included a portion of the negotiation dialogue between the ransomware group and a purported NCR official.
In this dialogue, the ransomware group allegedly informed NCR that they had not taken any server-stored data during the attack. However, the threat actors said they had stolen login information for NCR’s clients and threatened to publish it if a ransom was not paid. BlackCat has subsequently removed the NCR post from their data leak site in the hopes that the firm would agree to discuss a ransom. The BlackCat ransomware gang began operating in November 2021, using a very advanced encryptor that allows a high degree of attack customization.
The ransomware group was given the moniker BlackCat because of the black cat graphic on their data leak website. However, when discussing their activity on hacker forums and during talks, the threat actors go by the name ALPHV internally. With hundreds of attacks globally since its inception and ransom demands ranging from $35,000 to over $10 million, it has developed into one of the most significant ransomware operations currently active.