Payment Giant NCR Suffers BlackCat ransomware attack causes outages
Payments giant NCR has been hit by a ransomware attack that targeted one of its data centers in Aloha, Hawaii.
NCR is best known for its retail point-of-sale and automatic teller machine technology.
A well-known ransomware group named BlackCat ransomware group has taken credit for the attack.
The company unveiled the breach on Saturday, a few days after starting to investigate an “issue” related to its Aloha restaurant point-of-sale (PoS) product.
NCR added that the incident was limited to the specific functions of its Aloha cloud-based services and its Counterpoint product. No customer systems or network were involved, nor did the ransomware attack affect the company’s ATM, digital banking, payments, or other retail products.
“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.
Although NCR didn’t provide details on the form of ransomware or any ransom demanded, Bleeping Computer reported that the BlackCat/ALPHV ransomware gang has claimed responsibility for the attack.
The company has been working to restore affected services but said that impacted restaurants should still be able to serve customers, with only specific functionality being impacted.
BlackCat/ALPHV has also been linked to a ransomware attack on Western Digital Corp. last week.
The BlackCat ransomware gang launched its operation in November 2021 with a highly sophisticated encryptor that allowed for a wide range of customization in attacks.
Renfrow added that BlackCat/ALPHV uses the Rust programming language, which is harder to detect by conventional security solutions, can affect a broader range of systems, including Windows and Linux, and can spin up more complex ransomware strains that are harder to analyze.