American technology company NCR recently suffered an outage to its Aloha point of sale (POS) platform after it was struck by a ransomware attack. The BlackCat ransomware gang has since claimed ownership of the attack on NCR.

A technology consulting and software company in the US, NCR previously operated as National Cash Register. It provides a wide range of payment processing, digital banking and POS system solutions for retailers, restaurants and other businesses.

Aloha POS outage

One of NCR’s products, known as Aloha POS, is a platform employed in the hospitality sector. It recently suffered a significant outage which left customers unable to use the system.

Following many days of silence, the US technology firm came forward and disclosed that the platform outage was the direct result of a ransomware attack on the data centres it uses to power the Aloha POS solution. A notification regarding the recent incident was issued to users of the platform via email. It reads:

“As a valued customer of NCR Corporation, we are reaching out with additional information about a single data centre outage that is impacting a limited number of ancillary Aloha applications for a subset of our hospitality customers. On April 13, we confirmed that the outage was the result of a ransomware incident.”

The email from NCR added that it began contacting its customers as soon as the development was discovered. The company also notified law enforcement agencies and enlisted the services of a third-party cybersecurity firm to launch its ongoing investigation into the event.

NCR commented on the steps it is taking in a statement following the email:

“We have a clear path to recovery, and we are executing against it. We are working around the clock to restore full service for our customers. In addition, we are providing our customers with dedicated assistance and workarounds to support their operations as we work toward full restoration.”

The business impact of a ransomware attack

Ransomware tactics are renowned for the chaos they can cause. When aimed at service providers, they not only impact the primary victim of an attack but also those who rely on them for digital solutions. Many NCR customers who use its Aloha POS platform commented online about how the outage had affected their daily business operations.

A restaurant manager posted on Reddit that because of the attack, his small franchise with 100 employees had returned to the Stone Age, using traditional pen and paper methods. They referred to the situation as a “huge migraine”.

Other Aloha POS users expressed concerns about being able to make payroll in a timely fashion for their staff members, while others recommended workarounds such as pulling information manually from their data files until the incident’s impact had ended. Unfortunately, outages experienced following a cyberattack can often take a considerable time to be resolved in a secure fashion.

Although NCR has not shared the attacker behind the attack in the press, cybersecurity researchers observed the BlackCat ransomware gang claim responsibility on its dedicated data leak site.