NCR Corporation Responds to BlackCat Ransomware Attack Impacting Aloha POS System

ATLANTA, GA – NCR Corporation, a leading technology solutions provider, has recently experienced an outage on its Aloha point of sale (POS) platform, impacting a subset of its hospitality customers. The outage, which began on Wednesday, was later confirmed to be the result of a ransomware attack orchestrated by the BlackCat/ALPHV gang​.

Aloha, one of NCR’s products used extensively in the hospitality industry, faced disruptions that rendered customers unable to utilize the system. Following initial silence, NCR Corporation disclosed that the outage stemmed from a ransomware attack on data centers that powered the Aloha POS platform​​.

NCR Corporation swiftly took action upon discovering the incident. “On April 13, we confirmed that the outage was the result of a ransomware incident,” reads an email sent to Aloha POS customers. The company initiated contact with affected customers, launched an investigation, and engaged third-party cybersecurity experts to contain and resolve the situation​.

In a statement addressing the incident, NCR Corporation reaffirmed its commitment to supporting its customers’ day-to-day operations as well as during times of crisis. “At NCR Corporation, we are committed to not only supporting our customers’ day-to-day business operations, but also to being there for our customers when they need us most,” the statement read.

NCR Corporation further clarified that the ransomware incident is believed to be limited to specific functionality in Aloha cloud-based services and Counterpoint, and that no customer systems or networks are involved. The company’s ATM, digital banking, payments, and other retail products are not processed at the impacted data center and have not been affected by the incident.

In addition to its immediate response, NCR Corporation has established dedicated teams to support the operations of impacted customers, implemented local workarounds, and is working around the clock to restore the affected applications as swiftly as possible. The company aims to re-establish secure access to the impacted Aloha and Counterpoint applications and is working on rebuilding the applications in a new secure environment. Customers will be provided with key steps to access the new environment once it is ready.

NCR Corporation encourages customers with additional questions or those requiring further support to reach out to NCR Support or their Account Representative. The company remains committed to finding solutions and moving forward together with its customers.

The Russia-linked ALPHV ransomware group has recently claimed credit for a cyberattack targeting Ring, a prominent home security and smart home company owned by Amazon. The incident marks yet another instance of cyber threats directed at companies in the security and smart home technology sectors.