The hackers are expected to make a successful attempt at extracting money from the company, based on the information that is available to the public.
NCR, an American firm that produces financial transaction equipment and software, encountered a significant disruption of its Aloha point-of-sale systems as a result of the ransomware attack on its systems.
According to reports, the ALPHV/BlackCat group has claimed responsibility for the attack that caused one of NCR’s widely used products, the Aloha POS platform, to stop working in the middle of last week. Consequently, NCR’s clients have been unable to process their payments through this platform.
The Company’s Response
A customer of Aloha POS vented their frustration on Reddit, saying “Restaurant manager here! Our small franchise with about a hundred employees is simply stuck in the Stone Age. We are currently handling all payment transactions through our head office, recording transactions on paper. This whole situation is a huge headache for our business.”
NCR remained silent for several days until they finally announced that the outage was due to a ransomware attack on the data processing centers used to operate Aloha POS. The company assured everyone that once they became aware that malicious actors were involved, they immediately notified all clients, law enforcement agencies, and third-party experts.
Although NCR has not officially named the hacker group responsible for the attack, cybersecurity researcher Dominik Aliwieri found a post on the data leak site of the ALPHV/BlackCat extortionist group where the attackers claimed responsibility for the cyber incident.
The hackers allege that they have stolen customer credentials from NCR and threaten to make them public if the company does not pay a ransom. Later, the cybercriminals removed the message from their site, indicating that they may have come to an agreement with NCR.
Advanced Hacker Technology
In November 2021, the ransomware gang known as ALPHV/BlackCat started using a highly sophisticated encryptor that could be tailored to attack targets with a wide range of parameters. The group earned the moniker BlackCat after displaying an image of a black cat on their data leak site.
However, the criminals themselves refer to their group as ALPHV in their discussions on hacker forums and negotiations with victims. Since its inception, their ransomware operations have become one of the most significant threats in the industry, surpassed in scope only by LockBit.