CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Payments Giant NCR Hit by Ransomware

US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.


US payments giant NCR confirmed over the weekend that a data center outage is the result of a ransomware attack. A well-known ransomware group has taken credit for the attack.

NCR first reported investigating an “issue” related to its Aloha restaurant point-of-sale (PoS) product on April 12. On April 15, the company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center.

“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.

The company has been working to restore affected services, but said that impacted restaurants should still be able to serve customers, with only specific functionality being impacted. 

Cybersecurity researcher Dominic Alvieri noticed on April 15 that the ransomware group known as BlackCat, Alphv and Noberus took credit for the attack on its Tor-based leak website, but the post was quickly removed by the hackers. 

In the now-removed post, the cybercriminals said they were contacted by NCR representatives who wanted to find out what type of data had been stolen from their systems. The hackers claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that can be used to access NCR customer networks.

The removal of the post naming NCR from BlackCat’s leak website suggests that negotiations have started and the cybercriminals are hoping to get paid. 

SecurityWeek has reached out to the company to find out if it plans on paying a ransom. 

Advertisement. Scroll to continue reading.

The BlackCat ransomware has been around since at least November 2021 and its leak website currently lists more than 300 victims. The group has been known to target industrial companies.

Mandiant warned recently that the hackers have been exploiting vulnerabilities in a Veritas data backup product for initial access. 

UPDATE: NCR has not responded to questions regarding potential information compromise or the payment of a ransom, but it did tell SecurityWeek the following:

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint. At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.

While in-restaurant purchases and transactions continue to operate, affected customers have reduced capabilities on specific Aloha cloud-based and Counterpoint functionality that has impacted their ability to manage restaurant administrative functions. NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections.

Related: Cybersecurity Experts Cast Doubt on Hackers’ ICS Ransomware Claims

Related: Ring Denies Falling Victim to Ransomware Attack

Related: New ‘Trigona’ Ransomware Targets US, Europe, Australia

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...