After days of silence, NCR has finally disclosed that their Aloha POS platform was hit by a ransomware attack claimed by the BlackCat/ALPHV gang resulting in a multi-day system outage impacting ancillary Aloha applications for a subset of its hospitality customers.
“…100 employees. We’re doing the old pen and paper right now and sending to head office. The whole situation is a huge migraine,”
According to the chat, the BlackCat group claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that they will use to access NCR customer networks if they are not paid.
“Cybercriminals are now focused on not just encrypting data for ransom but also stealing sensitive information that can be used to carry out more sophisticated attacks. As we have seen with previous incidents, such as the SolarWinds breach, the theft of credentials can be used to access networks, exfiltrate data, and cause further damage.
“It is critical that organizations prioritize protecting their credentials and implement strong security measures to prevent unauthorized access to their systems. Attackers can always find a way into a network, so regular air gapped backups and a rapid response ransomware containment system should be part of the complete defensive stack.”
Unfortunately, outages caused by cyberattacks like these have lengthy recovery times, as we’ve seen with the recent DISH and Western Digital cyberattacks. Thus It will be interesting to see how NCR responds to this attack now that it’s out in the public eye.
This entry was posted on April 18, 2023 at 8:16 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
NCR Aloha POS System Pwned By BlackCat/ALPHV
After days of silence, NCR has finally disclosed that their Aloha POS platform was hit by a ransomware attack claimed by the BlackCat/ALPHV gang resulting in a multi-day system outage impacting ancillary Aloha applications for a subset of its hospitality customers.
Users are expressing concerns about making payroll on time, with different customers recommending that data be pulled manually from the systems data files until the outage is over. This was posted to the AlohaPOS Sub Reddit:
“…100 employees. We’re doing the old pen and paper right now and sending to head office. The whole situation is a huge migraine,”
According to the chat, the BlackCat group claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that they will use to access NCR customer networks if they are not paid.
Michael Slipsager, CEO, BullWall:
“Cybercriminals are now focused on not just encrypting data for ransom but also stealing sensitive information that can be used to carry out more sophisticated attacks. As we have seen with previous incidents, such as the SolarWinds breach, the theft of credentials can be used to access networks, exfiltrate data, and cause further damage.
“It is critical that organizations prioritize protecting their credentials and implement strong security measures to prevent unauthorized access to their systems. Attackers can always find a way into a network, so regular air gapped backups and a rapid response ransomware containment system should be part of the complete defensive stack.”
Unfortunately, outages caused by cyberattacks like these have lengthy recovery times, as we’ve seen with the recent DISH and Western Digital cyberattacks. Thus It will be interesting to see how NCR responds to this attack now that it’s out in the public eye.
Share this:
Like this:
Related
This entry was posted on April 18, 2023 at 8:16 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.