On April 13, 2023, NCR Corporation confirmed that their Aloha Point of Sale (POS) platform was the target of a ransomware attack. Aloha POS is used in hospitality services and the outage has impacted a subset of their hospitality customers. The attack was claimed by the BlackCat/ALPHV gang, one of the most significant ransomware operations active at this time, responsible for hundreds of attacks worldwide. In this exclusive news coverage, we will dive into the details of this attack, its impact, and the reasoning behind it.

What is NCR Corporation and Aloha POS?

NCR Corporation is an American software and technology consulting company that provides digital banking, POS system, and payment processing solutions for restaurants, businesses, and retailers. One of their products, the Aloha POS platform, is used in hospitality services and has been affected by the recent ransomware attack.

Details of the Ransomware Attack

The Aloha POS platform has suffered an outage since Wednesday, with customers unable to utilize the system. NCR initially remained silent on the cause of the outage, but after days of investigation, it was revealed that the outage was the result of a ransomware attack on data centers used to power the Aloha POS platform. The outage has impacted a subset of their hospitality customers and only a "limited number of ancillary Aloha applications."

BlackCat/ALPHV Gang Claims Responsibility

The BlackCat/ALPHV gang claimed responsibility for the ransomware attack on NCR's Aloha POS platform. While NCR did not confirm which ransomware operation was behind the attack, cybersecurity researcher Dominic Alivieri spotted a short-lived post on the BlackCat/ALPHV ransomware gang's data leak site where the threat actors claimed responsibility. The post also included a snippet of the negotiation chat conversation between an alleged NCR representative and the ransomware gang.

Aloha Reflects on AlphV/BlackCat's Data Leak Site

Impact of the Ransomware Attack

Aloha POS customers have shared on Reddit that the outage has caused significant issues in their business operations. Some customers are concerned about making payroll on time for their employees, with different customers recommending that data be pulled manually from the data files until the outage is over. The threat actors claimed to have stolen credentials for NCR's customers and stated that they would be published if a ransom was not paid.

What Goes Behind the Attack

It is unclear why the BlackCat/ALPHV gang targeted NCR's Aloha POS platform. However, outages caused by cyberattacks like these tend to take quite a bit of time to resolve in a secure manner. It is also unclear whether NCR will negotiate with the ransomware gang or if they will take steps to recover the stolen credentials and data.