The ransomware attack was discovered on April 12th, 2023 when the company began investigating an issue in its Aloha restaurant point of sale (PoS) product.
Leading US software and payment platform provider NCR has confirmed that it has fallen victim to a ransomware attack. NCR specializes in providing technology and payment systems for the restaurant and hospitality sectors.
The ransomware attack was discovered on April 12th, 2023 when the company began investigating an issue in its Aloha restaurant point of sale (PoS) product. It was confirmed as a ransomware attack on April 13. NCR promptly notified law enforcement and launched an investigation in collaboration with third-party cybersecurity experts.
NCR has revealed that the attack impacted some of the ancillary applications and Counterpoint used by a small subset of its hospitality clients, causing operational disruption at one of its data centres.
However, NCR stated that affected restaurants can still serve customers as the entire system was unaffected. Customers are currently able to access limited functions on some cloud-based systems, as the attack affected features that disrupted the restaurant’s administrative functionalities.
NCR is working diligently to restore full service for its customers and is providing dedicated assistance and workarounds to support its operations in the meantime. The company is also focused on establishing alternative functionality for customers, enhancing cybersecurity mechanisms, and fully restoring impacted data and apps.
Notably, NCR’s digital banking, ATM, payments, and other retail products were not processed at the affected data centre.
The ransomware group responsible for the attack, known as BlackCat (aka Alphv), has claimed responsibility and stated that NCR representatives have contacted them to learn what data was stolen from their systems.
However, the hackers later removed this post, suggesting that negotiations between the two parties have begun and NCR may potentially pay the ransom. NCR has not disclosed the ransom amount at this time.
NCR Corporation breached by Black Cat. https://t.co/6beimfrsze pic.twitter.com/Bnh6s3RKfu
— Dominic Alvieri (@AlvieriD) April 15, 2023
According to NCR’s incident report, the company is working to make its Insight and NCR Back Office cloud environments available soon. Once this is done, Insight, NBO, and Pulse will upload/process restaurant data and impacted clients will receive an email containing replication configuration details after a few days.
Recovery plans for other affected applications, including Aloha Configuration Center, are also underway. It is worth noting that last month, the BlackCat ransomware gang also claimed responsibility for compromising Amazon’s Ring camera and gaining access to customers’ sensitive data.
