Aloha PoS Restaurant Software Downed by Ransomware Attack

After days of outages, NCR Corp. has confirmed that its Aloha point-of-sale (PoS) software platform, used by thousands of restaurants across the US, was taken down by a ransomware attack on one of its data centers.

The BlackCat ransomware group has claimed responsibility for the Aloha POS cyberattack.

“Please rest assured that we have a clear path to recovery and we are executing against it,” NCR’s disclosure said. “We are working around the clock to restore full service for our customers.”

Service disruptions for Aloha POS users began days ago, with the first update put out by NCR on April 12. At the time, it simply said the company was “investigating” the issue. In the absence of information, an Aloha POS subreddit has been filled with users sharing tips, workarounds, and any new information.

The Aloha PoS website lists a raft of restaurants, including Mad Mex and Chipotle, among its customers.

“BlackCat/ALPHV claimed responsibility for the attack and stated that they didn’t steal any data but did take credentials that they are using as leverage to receive a ransom payment,” says Timothy Morris, chief security adviser at Tanium. “It isn’t known how the attacker got initial access.”

Lior Yaari, CEO and co-founder of Grip Security, noted in an emailed statement that the interest in credentials is a wake-up call for other organizations.

“Because in a distributed environment, identity is the ultimate control point and credentials paired with identities is like getting the golden ticket to everything else,” he explained. “The sensitivity and criticality of credentials is not a big surprise for attackers and cybercriminals, as credentials have remained the top target for attackers for more than a decade. The difference here is, now, organizations have increased their level of concern for credential, making them just as attractive for ransomware gangs as intellectual property.”