NCR was hit with Alphv ransomware. Here’s what bankers need to know.


A subset of NCR’s 100,000 restaurant customers remains without access to back-office payments tools and gift card functions after the major point-of-sale and digital banking software maker suffered a ransomware attack against one of its data centers last week.

While NCR has not specified the strain of ransomware that infiltrated the data center, ransomware development group Alphv briefly claimed responsibility for the attack in a post to its blog on Saturday, according to cybersecurity researcher Dominic Alvieri. The group has since removed the post without explanation.

On Monday, NCR confirmed that it suffered a data center outage starting April 13 that affected some of its commerce customers, and that the outage was caused by a ransomware incident. In a statement, the company said it “immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process” and that an investigation is ongoing. 

NCR declined to answer questions about the incident, instead reiterating its Monday statement that purchases made at restaurants using its point-of-sale software Aloha continue to operate, but certain “administrative functions” are limited for some customers. Counterpoint, another point-of-sale product from NCR, was also affected.

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint,” the company said. “At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments, or other retail products are processed at this data center.”

Restaurants reported troubles accessing back-office tools, accepting gift cards and using NCR’s data dashboard Pulse, according to trade publication Restaurant Business. NCR has point-of-sale software in 100,000 restaurants, according to the company.

Alphv ransomware, also known as BlackCat and Noberus, has increasingly been used against U.S.-based companies in manufacturing and financial services, according to Matthew Radolec, senior director of incident response and cloud operations for cybersecurity firm Varonis.

“Small- to medium-[size]…
