NCR reports cybersecurity incident

NCR has been hit by a ransomware attack afflicting its Aloha POS system for the hospitality industry. The Aloha POS is used by 140,000 outlets worldwide, including the likes of Brewdog, Dunkin Donuts, Gaucho, Nandos and other franchises, according to Finextra.

On April 13, NCR determined that a single data center outage that is impacting some functionality for a subset of its commerce customers was caused by „a cyber ransomware incident” – according to the press release.

Upon such determination, NCR immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. The investigation into the incident includes NCR experts, external forensic cybersecurity experts and federal law enforcement.

„We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.” – the company explains.

While in-restaurant purchases and transactions continue to operate, affected customers have reduced capabilities on specific Aloha cloud-based and Counterpoint functionality that has impacted their ability to manage restaurant administrative functions. NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections.

The BlackCat/ALPHV gang has claimed credit for the outage in a short-lived post on data leak site eCrime.ch, writing: „During four days of silence and removal of any mention of ransomware on reddit, NCR representatives went into a chat room to find out what data had been stolen. After receiving information that NCR data had not been stolen, but accessed their customers’ networks, they decided to make a press release. We are forced to take action regarding NCR customers. If you become our victim you know who to thank.„