NCR, an American provider of software, hardware and services for banks, retailers, restaurants, and small businesses, disclosed a ransomware incident that caused an outage on its Aloha point of sale technology.
The Aloha service provides restaurants with a system to manage point of sale hardware, online orders, marketing tools and more. According to NCR, the service is used by thousands of restaurants around the world.
The company said it suffered a ransomware attack on April 13, 2023 that impacted one of its data centers.
“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments or other retail products are processed at this data center,” the provider said in a press release.
Over the weekend, multiple Aloha PoS customers complained on social media that the outage caused disruptions in their business operations.
“Restaurant manager here, small franchise stuck in the Stone Age with around 100 employees. We’re doing the old pen and paper right now and sending to head office. The whole situation is a huge migraine,” one of the messages on Reddit says.
NCR’s spokesperson has confirmed that the incident affected the ability of several restaurants to manage administrative functions. The company is now working to restore the services.
The payments giant did not disclose which ransomware operation was behind the attack, or whether any ransom demand was issued.
On April 15, cybersecurity expert Dominic Alvieri spotted an announcement on the BlackCat/ALPHV ransomware gang's data leak site claiming responsibility for the incident. The group shared alleged correspondence between NCR representatives and ransomware actors claiming that no data had been stolen from the company. However, the hackers allegedly stole credentials that customers use to access their systems. Interestingly, the post was removed shortly after it was initially published.
BlackCat/ALPHV ransomware has been in operation since November 2021 and swiftly gained notoriety for being the first major professional ransomware family to be written in Rust, a cross-platform language that allows malicious actors to customize malware for different operating systems like Windows and Linux.
BlackCat/ALPHV ransomware has frequently made the headlines for its attacks on high-profile targets, such as fuel logistics and transportation services operators in Europe and educational institutions in the US, and for its use of triple extortion. According to a new report from cybersecurity firm Varonis, the BlackCat/ALPHV ransomware gang has been spotted actively recruiting former REvil, BlackMatter, and DarkSide operators.