NCR Corporation, an American software, consulting, and technology company providing electronic products and professional services, has been hit by a ransomware attack conducted by the BlackCat/ALPHV ransomware group, resulting in an outage on its Aloha point of sale (PoS) platform.
The outage started on Wednesday, and the company has started notifying its customers about the situation.
Although the incident only affected a specific functionality and restaurants can still serve their customers, many customers are reporting problems caused by the outage. NCR has notified law enforcement and engaged third-party cybersecurity experts to investigate the incident and determine the scope of the attack.
The BlackCat/ALPHV ransomware gang, which has been active since November 2021, has added NCR to its list of victims on its Tor data leak site, claiming to have stolen credentials belonging to NCR’s customers and threatening to leak them if the ransom is not paid. The group's ransom demands range from a few tens of thousands of dollars up to tens of millions of dollars.
NCR has not disclosed whether it paid the ransom, and at the time of this writing, the group has removed NCR’s name from its leak site, likely because there is an ongoing negotiation.
The BlackCat/ALPHV ransomware gang is known for its attacks on various companies and organizations, including the US defense contractor NJVC, industrial explosives manufacturer SOLAR INDUSTRIES INDIA, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, and Swissport.
An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was recently observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. Unlike other ALPHV affiliates, UNC4466 does not rely on stolen credentials for initial access to victim environments.
In conclusion, NCR’s ransomware attack is another example of how cybercriminals continue to target companies and organizations for financial gain, causing disruptions in their operations and affecting their customers.
Companies need to invest in cybersecurity measures and be prepared to respond to such incidents promptly to minimize their impact. The rise of ransomware attacks and their increasing sophistication pose a significant threat to organizations, and it is crucial to have a robust cybersecurity strategy in place to protect against such attacks.