NCR Ransomware Hits Restaurant Customers

NCR has been hit by a ransomware attack that is affecting the capabilities of some restaurants.

The incident was discovered Thursday (April 13), caused a single data center outage and has impacted the company’s Aloha point-of-sale (POS) system for restaurants and its Counterpoint retail management system, the provider of technology platforms said in a Monday (April 17) press release.

“We believe this incident is limited to specific functionality in Aloha cloud-based services and Counterpoint,” NCR said in the release. “At this time, our ongoing investigation also indicates that no customer systems or networks are involved. None of our ATM, digital banking, payments or other retail products are processed at this data center.”

The NCR customers affected by the incident are seeing reduced functionality on their restaurant administrative functions. Their in-restaurant purchases and transactions continue to operate, according to the press release. The release didn’t say what restaurants were impacted.

When NCR discovered the ransomware attack, the company started contacting customers and engaged outside experts, including both external forensic cybersecurity experts and federal law enforcement, the release said.

“NCR is conducting concurrent efforts to establish alternative functionality for customers, fully restore impacted data and applications, and to enhance its cyber security protections,” the company said in the release.

The frequency and value of ransomware attacks leaped in 2021, according to figures released in November 2022 by the Financial Crimes Enforcement Network (FinCEN).

The number of ransomware attacks reported by financial institutions and occurring in 2021 leaped 108% from 602 in 2020 to 1,251 in 2021, FinCEN said

The dollar amounts involved in those ransomware-related incidents rose 68% from $527 million in 2020 to $886 million in 2021, the organization added.

The announcement from NCR comes about two months after the Financial Times (FT) reported that a group of hackers had launched one of the largest-ever ransomware attacks, aiming to paralyze the computer networks of nearly 5,000 victims in Europe and the United States.

A month before that, in January, the U.S. Justice Department said that American, German and Dutch authorities had shut down a global ransomware group that had targeted 1,500 victims in 80 countries and received $100 million in ransom payments.