NCR Datacenter Affected By Massive Ransomware Attack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Apr 17, 2023 01:32 pm PST

Ransomware struck American payments company NCR datacenter, focusing on one of its data facilities in Aloha, Hawaii. A few days after beginning to look into a “problem” with its Aloha restaurant point-of-sale (PoS) product, the company disclosed the hack on Saturday.

The warning states, “On April 13, we confirmed that the downtime was caused by a ransomware incident. “As soon as we learned about this development, we contacted customers, hired outside cybersecurity experts, and started an investigation. Also, law enforcement has been informed.

According to the company, only “particular functionality” has been affected by the attack, and there has been “no damage to payment applications or on-premises systems,” thus, restaurants that were affected can continue serving customers.

But, research from the security firm has revealed that ransomware on PoS systems may seriously hurt businesses in the hospitality industry, according to Claroty CRO Simon Chassar.

The CEO commented on the findings: “Our study shows that 51% of the food and beverage sector reported severe interruption when attacked by a ransomware assault in 2021.” Furthermore, these attacks might result in large financial losses for enterprises; according to over a third, operational disruption would have a revenue impact of at least $1,000,000 per hour.

Chassar claimed that as more cyber-physical systems are used in the hospitality sector, firms are exposed to more new cyber threats and vulnerabilities, potentially resulting in expensive operational downtime.

Companies must have complete network visibility for all connected assets to assess their risk posture and patch vital assets like operational technology (OT) and IoT devices, according to Chassar. Also, segmenting their networks is crucial to limit unauthorized connectivity and malware migration and lessen the impact of intrusions.

This research by Terry Olaes, senior technical director at Skybox Security, provides more details on how to keep up with evolving threats and minimize cyber risks.

How Can Big Restaurants Stay Safe From Hackers?

To protect themselves from potential hackers, big restaurants can take the following steps:

  • Implement robust security measures: To safeguard their networks and systems from unwanted access, restaurants should put security measures in place, just as firewalls, anti-virus software, and intrusion detection systems.
  • Train employees on security best practices: Restaurant employees should be trained on security best practices, such as creating strong passwords, identifying phishing scams, and avoiding suspicious links or downloads.
  • Regularly update software and systems: To avoid weaknesses that hackers can exploit, restaurants should make sure that their software and systems are updated frequently with the newest security updates.
  • Use secure payment systems: Restaurants should use secure payment systems, such as encrypted point-of-sale (POS) terminals, to protect customers’ credit card information.
  • Limit access to sensitive information: Restaurants should limit access to sensitive information, such as financial and customer data, to only those who need it to perform their job responsibilities.
  • Conduct regular security audits: To find weaknesses and make sure security measures are current, restaurants should undertake frequent security audits.


NCR Datacenter outage affected a small number of ancillary Aloha applications for a fraction of their hospitality customers, the company said in its initial issue report from April 12. Restaurant technology company Aloha Point of Sale (POS) manages regular tasks like payments. On April 13, the business acknowledged that a ransomware incident was to blame for the downtime. “As soon as we learned about this development, we contacted customers, hired outside cybersecurity experts, and started an investigation. Also, law enforcement has been informed,” it said.

The BlackCat ransomware group initially claimed responsibility for the attack on their Tor-based data dump website. The post was later taken down, though. “We are working tirelessly to get our client’s full service back. However, as we strive toward complete restoration, we offer our clients devoted support and workarounds to help them continue operating. Restaurants in the affected area could still serve customers. However, certain functionality was limited. The company added that there is no effect on on-premises infrastructure or payment applications.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x