BlackCat Ransomware Attacked NCR’s POS System

BlackCat attacked NCR
Written by Emma Davis

The BlackCat ransomware attacked the American company NCR, which specializes in the production of payment terminals, ATMs, POS terminals, barcode readers, and is also a provider of various outsourcing IT services.

BlackCat (aka ALPHV) claimed responsibility for the attack on the Aloha POS system that is used in the restaurant and hotel business.

Let me remind you that we also wrote that In 4 months, the Black Cat group hacked 60 organizations around the world, and also that Hackers Provide Victims with Search through Stolen Data.

The Aloha POS platform stopped working in the middle of last week, and customers completely lost the opportunity to use it. After several days of silence, NCR finally revealed that the outage was caused by a ransomware attack that affected Aloha-related data centers.

We are reporting additional information regarding a data center outage that impacted a limited number of Aloha utility applications for a subset of our hospitality customers. On April 13, we were able to confirm that the outages were caused by a ransomware incident. As soon as the incident was discovered, we began contacting customers, engaging third-party cybersecurity experts, and investigating. Law enforcement agencies have also been notified of the incident.according to a letter sent to Aloha customers.

Although the letter claims that the failure only affected “service applications” and affected a small part of the customers, on Reddit, the victims report that in fact the attack caused significant problems in their work.

I’m a restaurant manager, we have a small franchise, about 100 employees. Now we work the old fashioned way, like in the Stone Age, on paper and send it all to the head office. This whole situation is a huge headache.says one of the customers of the Aloha POS system.

Other users recommend extracting data from files manually until the crash ends.

NCR representatives assured representatives of Bleeping Computer that they had already outlined a “clear path to recovery”, and the company was working to fix the affected systems around the clock.

In addition, we provide clients with specialized assistance and temporary solutions to support their operations while work is underway.the company says.

Although NCR did not say which group was behind the attack, security researcher Dominic Alivieri found a message posted on the BlackCat (ALPHV) “leak site” in which the attackers claim responsibility for the attack.

BlackCat attacked NCR

This post was accompanied by a fragment of the chat log, in which negotiations took place between the NCR representative and the extortionists. There, the hackers reported that they did not steal any data stored on the servers during the attack. However, the attackers claim to have stolen NCR customer credentials and threaten to release them unless a ransom is paid.

We have captured a lot of your customer credentials that are used to connect to Insight, Pulse and so on. We will provide you with a list after payment.the hackers said.

BlackCat has since removed the message from its “leak site”, likely hoping that a ransom could be negotiated with the company.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply