NCR, known for POS systems and services for the catering industry, was the victim of a hacker attack on one of its cloud systems from the subsidiary Aloha Enterprise a few days ago. The leak page of the APT group ALPHV or BlackCat claims to be the attacker. The perpetrators are said not to have penetrated further, but influence the flow of some services.
Problems with the cloud service of the NCR subsidiary Aloha Enterprise are said to have occurred on April 12th. The service's status page reported an outage for 2 days, but gave no further indication of the reason. As recently as April 15, the service reported a ransomware incident that resulted in a single data center failure. However, this would only affect a limited number of Aloha add-ons for a subset of hospitality customers. In Germany it was reported that certain services were a bit stuck at that time, but were accessible.
ATMs and banking unaffected
The most important information was that only the gastronomy area should be affected. The other areas, such as ATMs, digital banking, payment or other retail products were not processed in this data center, according to NCR. In the latest reports, NCR states via Aloha that some cloud services are being rebuilt and the backed up data is being restored. You probably don't want to pay a ransom.
On the leak page of the APT group ALPHV and BlackCat, the reference to the NCR and Aloha Enterprise attacks has been removed. There is only one text left by the group, which claims that no data was stolen, but they claim to have had access to customer networks. NCR or Aloha does not mention this in its news. The truth content is therefore completely unconfirmed.
Editor/sel
More at NCR.com