Thursday, April 18, 2024

Payment Processing Giant NCR Global Hit By Ransomware Attack

NCR, a major player in the US payments industry, admitted it was a target of a ransomware attack for which the BlackCat/Alphv group claimed responsibility.

On April 12, NCR revealed that it was looking into an “issue” with its Aloha restaurant point-of-sale (POS) system.

On April 15, the company announced that an outage at a single data center had affected ancillary Aloha applications for just a few of its hospitality customers.

“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.

NCR is a software and technology consulting firm in the United States that offers restaurants, enterprises, and retailers digital banking, POS systems, and payment processing solutions.

Since Wednesday, one of its products, the Aloha POS platform used in the hospitality industry, has been down, making it impossible for customers to use.

Ransomware Attack That Led to the Outages

After going silent for many days, NCR finally revealed today that the Aloha POS platform’s data centers were the target of a ransomware attack that triggered the outage.

“As a valued customer of NCR Corporation, we are reaching out with additional information about a single data center outage that is impacting a limited number of ancillary Aloha applications for a subset of our hospitality customers,” reads an email sent to Aloha POS customers.

According to a statement NCR provided to BleepingComputer, just a subset of their Aloha POS hospitality customers are affected by this outage, along with a “limited number of ancillary Aloha applications.”

However, Aloha POS customers have reported on Reddit that the downtime significantly hindered their ability to conduct business.

“Restaurant manager here, small franchise stuck in the Stone Age with around 100 employees. We’re doing the old pen and paper right now and sending to head office. The whole situation is a huge migraine,” a user wrote on the AlohaPOS Reddit.

Other users are anxious about making payroll on time for their employees, with many customers urging that data be extracted manually from the data files until the outage is resolved.

“We have a clear path to recovery and we are executing against it. We are working around the clock to restore full service for our customers,” NCR informed BleepingComputer. 

“In addition, we are providing our customers with dedicated assistance and workarounds to support their operations as we work toward full restoration.”

Cybersecurity researcher Dominic Olivieri saw a short-lived post on the data leak site used by the BlackCat/ALPHV ransomware gang in which the threat actors claimed responsibility for the attack.

A section of the negotiation dialogue between the ransomware gang and an alleged NCR official was also included in this post.

In this discussion, the ransomware group allegedly informed NCR that they had not stolen any server-stored data during the attack.

Threat actors stated that they had stolen login information for NCR’s customers and threatened to publish it if a ransom was not paid.

“We take a lot of credentials to your clients networks used to connect for Insight, Pulse, etc. We will give you this list after payment,” the threat actors told NCR.

BlackCat has since removed the NCR post from their data breach website, hoping the firm will agree to discuss a ransom.

The BlackCat ransomware gang began operating in November 2021 with a highly advanced encryptor that allowed for extensive attack customization, and its ransom demands ranged from $35,000 to over $10 million.

Internally, the threat actors use the name ALPHV when discussing their activities in negotiations and on hacker forums.

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

