The BlackCat ransomware attacked the American company NCR, which specializes in the production of payment terminals, ATMs, POS terminals, barcode readers, and is also a provider of various outsourcing IT services.
BlackCat (aka ALPHV) claimed responsibility for the attack on the Aloha POS system that is used in the restaurant and hotel business.
Let me remind you that we also wrote that In 4 months, the Black Cat group hacked 60 organizations around the world, and also that Hackers Provide Victims with Search through Stolen Data.
The Aloha POS platform stopped working in the middle of last week, and customers completely lost the opportunity to use it. After several days of silence, NCR finally revealed that the outage was caused by a ransomware attack that affected Aloha-related data centers.
Although the letter claims that the failure only affected “service applications” and affected a small part of the customers, on Reddit, the victims report that in fact the attack caused significant problems in their work.
Other users recommend extracting data from files manually until the crash ends.
NCR representatives assured representatives of Bleeping Computer that they had already outlined a “clear path to recovery”, and the company was working to fix the affected systems around the clock.
Although NCR did not say which group was behind the attack, security researcher Dominic Alivieri found a message posted on the BlackCat (ALPHV) “leak site” in which the attackers claim responsibility for the attack.
This post was accompanied by a fragment of the chat log, in which negotiations took place between the NCR representative and the extortionists. There, the hackers reported that they did not steal any data stored on the servers during the attack. However, the attackers claim to have stolen NCR customer credentials and threaten to release them unless a ransom is paid.
BlackCat has since removed the message from its “leak site”, likely hoping that a ransom could be negotiated with the company.
