company logo

Product

Our Product

We are Reshaping the way Developers find and fix vulnerabilities before they get exploited.

Solutions

By Industry

BFSI

Healthcare

Education

IT & Telecom

Government

By Role

CISO

Application Security Engineer

DevsecOps Engineer

IT Manager

Resources

Resource Library

Get actionable insight straight from our threat Intel lab to keep you informed about the ever-changing Threat landscape.

Subscribe to Our Weekly Threat Digest

Company

Contact Us

Have queries, feedback or prospects? Get in touch and we shall be with you shortly.

loading..
loading..
loading..
Loading...

BlackCat

Ransomware

PoS

loading..
loading..
loading..

BlackCat Gang Behind Ransomware Attack on NCR's Aloha PoS Platform

NCR's Aloha Point of Sale platform suffers a ransomware attack by BlackCat/ALPHV gang, causing an outage impacting hospitality customers

21-Apr-2023
3 min read

On April 13, 2023, NCR Corporation confirmed that their Aloha Point of Sale (POS) platform was the target of a ransomware attack. Aloha POS is used in hospitality services and the outage has impacted a subset of their hospitality customers. The attack was claimed by the BlackCat/ALPHV gang, one of the most significant ransomware operations active at this time, responsible for hundreds of attacks worldwide. In this exclusive news coverage, we will dive into the details of this attack, its impact, and the reasoning behind it.

What is NCR Corporation and Aloha POS?

NCR Corporation is an American software and technology consulting company that provides digital banking, POS system, and payment processing solutions for restaurants, businesses, and retailers. One of their products, the Aloha POS platform, is used in hospitality services and has been affected by the recent ransomware attack.

Details of the Ransomware Attack

The Aloha POS platform has suffered an outage since Wednesday, with customers unable to utilize the system. NCR initially remained silent on the cause of the outage, but after days of investigation, it was revealed that the outage was the result of a ransomware attack on data centers used to power the Aloha POS platform. The outage has impacted a subset of their hospitality customers and only a "limited number of ancillary Aloha applications."

BlackCat/ALPHV Gang Claims Responsibility

The BlackCat/ALPHV gang claimed responsibility for the ransomware attack on NCR's Aloha POS platform. While NCR did not confirm which ransomware operation was behind the attack, cybersecurity researcher Dominic Alivieri spotted a short-lived post on the BlackCat/ALPHV ransomware gang's data leak site where the threat actors claimed responsibility. The post also included a snippet of the negotiation chat conversation between an alleged NCR representative and the ransomware gang.

Aloha on BlackCat Data Leak Site.jpg Aloha Reflects on AlphV/BlackCat's Data Leak Site

Impact of the Ransomware Attack

Aloha POS customers have shared on Reddit that the outage has caused significant issues in their business operations. Some customers are concerned about making payroll on time for their employees, with different customers recommending that data be pulled manually from the data files until the outage is over. The threat actors claimed to have stolen credentials for NCR's customers and stated that they would be published if a ransom was not paid.

What Goes Behind the Attack

It is unclear why the BlackCat/ALPHV gang targeted NCR's Aloha POS platform. However, outages caused by cyberattacks like these tend to take quite a bit of time to resolve in a secure manner. It is also unclear whether NCR will negotiate with the ransomware gang or if they will take steps to recover the stolen credentials and data.