Payments giant says it is investigating ransomware incident that caused POS outage

Payment processing giant NCR disclosed a ransomware attack this weekend that caused an outage on its point of sale technology used widely by restaurants.

The company told Recorded Future News that it discovered the ransomware attack on April 13, when a data center outage impacted some of their customers.

The incident affected the company’s Aloha service – which provides restaurants with a system to manage point of sale hardware, online orders, marketing tools and more. NCR says the service is used by thousands of restaurants around the world.

“Upon such determination, NCR immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. The investigation into the incident includes NCR experts, external forensic cybersecurity experts and federal law enforcement,” a spokesperson said.

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.”

The spokesperson confirmed that the ransomware attack has impacted the ability of several restaurants to manage administrative functions. The company is now working on creating alternatives for those customers and restoring the impacted tools.

First reported by Bleeping Computer, the company said on Saturday that it was on “a clear path to recovery” but did not respond to requests for comment about how long customers may face issues with their technology. Customers wrote on the Aloha subreddit that the incident was forcing them to use pen and paper.

On April 15, cybersecurity expert Dominic Alvieri said the BlackCat/AlphV ransomware group took credit for the attack, posting the company on its leak site.

Breaking

Alphv Black Cat breaches NCR.
@NCRCorporation pic.twitter.com/0pecVwPtvU

— Dominic Alvieri (@AlvieriD) April 15, 2023

The group shared alleged messages between NCR representatives and BlackCat hackers, claiming that while no data was stolen during the attack, they were able to steal credentials that customers use to access their systems.

NCR did not address the validity of these messages. DataBreaches.net reported that the BlackCat post was removed just one hour after it was initially posted.

NCR reported a revenue of more than $7 billion in 2021 through the sale of self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners.

The company, initially known as National Cash Register, was created in 1879 to sell the first mechanical cash register.

Bugcrowd CEO Dave Gerry said point of sale systems remain an attractive target for hackers “given the business criticality of both the customer payment data and broader impact to business operations.”

“This is a timely example reinforcing that cyberattacks impact more than just the primary target – in this case potentially thousands of small businesses that rely on the NCR Aloha POS Platform,” he said.