{"id":630669,"date":"2023-04-18T09:49:23","date_gmt":"2023-04-18T14:49:23","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/18\/restaurants-hit-by-it-problems-after-blackcat-attack-on-supplier-ncr\/"},"modified":"2023-04-18T09:49:23","modified_gmt":"2023-04-18T14:49:23","slug":"restaurants-hit-by-it-problems-after-blackcat-attack-on-supplier-ncr","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/18\/restaurants-hit-by-it-problems-after-blackcat-attack-on-supplier-ncr\/","title":{"rendered":"Restaurants hit by IT problems after BlackCat attack on supplier NCR"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Ransomware attack on systems of payments giant causing service outages for restaurants around the world<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>17 Apr 2023 15:00<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>An undisclosed number of users of multinational payment giant NCR\u2019s Aloha point of sale platform for hospitality businesses are experiencing an ongoing outage to their service, following a <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252516148\/BlackCat-emerges-as-one-of-the-top-ransomware-threats\">BlackCat ransomware<\/a> attack last week.<\/p>\n<p>The outage is impacting multiple elements of the Aloha platform in North America, and a limited number of services in both Europe and Asia-Pacific, mostly relating to online ordering.<\/p>\n<p>The incident began on or around Wednesday 12 April and manifested as an outage to the organisation\u2019s DFW05 datacentre that impacted a \u201climited number of ancillary Aloha applications\u201d for a \u201csubset\u201d of its customers.<\/p>\n<p><a href=\"https:\/\/status.aloha.ncr.com\/incidents\/cnl38krr6n6b\">In a statement<\/a>, NCR said: \u201cOn 13 April, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cyber security experts and launched an investigation. Law enforcement has also been notified.<\/p>\n<p>\u201cPlease rest assured that we have a clear path to recovery and we are executing against it,\u201d it said. \u201cWe are working around the clock to restore full service for our customers. In addition, we are providing our customers with dedicated assistance and workarounds to support their operations as we work towards full restoration. Restaurants impacted are still able to serve their customers. Only specific functionality is impaired. There is no impact to payment applications or on-premise systems.<\/p>\n<p>\u201cThe security and integrity of our systems is a top priority for NCR,\u201d the organisation said. \u201cWe will continue to keep you updated with pertinent information and will let you know as soon as impacted services have been fully restored. In the meantime, please contact NCR Support or your account representative if you have any questions or need additional support.\u201d<\/p>\n<p>The attack was claimed by BlackCat on Saturday 15 April, as initially <a href=\"https:\/\/twitter.com\/AlvieriD\/status\/1647143921414287360\">reported by security researcher Dominic Alvieri<\/a>. In a post to its dark web leak site, the gang said that NCR had contacted it to establish what data has been stolen, which is supposedly customer credentials used to access Aloha. These posts have subsequently been removed from the BlackCat site.<\/p>\n<p>Users of NCR\u2019s Aloha platform in the UK include high-profile chains such as BrewDog, Dishoom, Gaucho and Yo! Sushi. There is no indication that data from any of these organisations has been stolen, but posts to the dedicated <a href=\"https:\/\/www.reddit.com\/r\/alohapos\/\">Aloha Subreddit<\/a> suggest that the outage has had <a href=\"https:\/\/www.reddit.com\/r\/alohapos\/comments\/12lh5gj\/how_many_locations_affected_by_dfw05_datacenter\/\">some impact in the UK<\/a>.<\/p>\n<p>\u201cRansomware attacks on POS platforms can have disastrous impacts on the hospitality industry, leading to service downtime and long-term disruption,\u201d said Simon Chassar, chief revenue officer at Claroty.<\/p>\n<p>\u201c<a href=\"https:\/\/claroty.com\/blog\/how-food-beverage-sector-is-adapting-to-increasingly-targeted-ransomware-threats\">Our research<\/a>\u00a0shows that 51% of the food and beverage sector reported substantial disruption when hit by a ransomware attack in 2021. Moreover, these attacks can cause significant financial losses for organisations, with more than a third stating that the revenue impact of operational disruption would be at least one million dollars per hour.\u201d<\/p>\n<p>He said that as the hospitality industry automates and digitises further, its overall risk surface is liable to increase, and with the sector still struggling in the wake of the Covid-19 pandemic, it can ill afford downtime arising from ransomware.<\/p>\n<p>Therefore, Chassar said, it\u2019s essential that hospitality businesses try to implement more proactive practices to secure their systems.<\/p>\n<p>\u201cBusinesses must have visibility across their entire network for all assets connected to understand their risk posture and provide patches to critical assets such as operational technology and IoT devices,\u201d he said. \u201cIt is also essential to segment their networks to restrict unnecessary connectivity and the movement of malware to mitigate the impact of cyber attacks.\u201d<\/p>\n<section data-menu-title=\"Who is BlackCat?\">\n<h3><i data-icon=\"1\"><\/i>Who is BlackCat?<\/h3>\n<p>BlackCat \u2013 which also goes by ALPHV and Noberus \u2013 shot to prominence in early 2022 with <a href=\"https:\/\/www.computerweekly.com\/news\/252512876\/BlackCat-crew-supposedly-behind-OilTanking-ransomware-heist\">a series of heists<\/a> on <a href=\"https:\/\/www.computerweekly.com\/news\/252513488\/BlackCat-ransomware-gang-claims-responsibility-for-Swissport-attack\">critical infrastructure organisations in Europe<\/a>. The operation is backed by a group tracked as Coreid, FIN7 and Carbon Spider in various threat matrices, a long-established player in the Russia-based or -linked ransomware \u201ccommunity\u201d.<\/p>\n<p>By late 2022, it had emerged <a href=\"https:\/\/www.computerweekly.com\/news\/252525240\/ALPHV-BlackCat-ransomware-family-becoming-more-dangerous\">as a highly dangerous actor<\/a>, with frequent updates to its locker malware including an ARM build to encrypt non-standard architectures, and better encryption functionality for its Windows and Linux builds.<\/p>\n<p>BlackCat is a relatively consistent threat compared with the likes of LockBit, but it upped its attacks in February, accounting <a href=\"https:\/\/www.computerweekly.com\/news\/365534069\/Ransomware-attacks-up-45-in-February-LockBit-responsible\">for roughly 13% of ransomware attacks<\/a> booked in NCC\u2019s telemetry for the period, as documented in its monthly threat report.<\/p>\n<\/section>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Data breach incident management and recovery<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/365534069\/Ransomware-attacks-up-45-in-February-LockBit-responsible\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ransomware-attack-encrypted-files-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ransomware-attack-encrypted-files-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/German\/article\/ransomware-attack-encrypted-files-adobe.jpg 1280w\" alt ><\/p>\n<h5>Ransomware attacks up 45% in February, LockBit responsible<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/365532056\/Ransomware-attacks-ravaged-big-names-in-February\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g817486228.jpg 1280w\" alt ><\/p>\n<h5>Ransomware attacks ravaged big names in February<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/waldman_arielle.jpg\" alt=\"ArielleWaldman\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Arielle\u00a0Waldman<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252528118\/Vice-Society-ransomware-a-persistent-threat-to-education-sector\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g886701618_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g886701618_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g886701618.jpg 1280w\" alt ><\/p>\n<h5>Vice Society ransomware &#8216;persistent threat&#8217; to education sector<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/waldman_arielle.jpg\" alt=\"ArielleWaldman\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Arielle\u00a0Waldman<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252525756\/Schools-municipal-governments-ravaged-by-ransomware-attacks\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/rms\/onlineimages\/ransom_g691204760.jpg 1280w\" alt ><\/p>\n<h5>Ransomware attacks ravage schools, municipal governments<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/onlineImages\/wright_robert.jpg\" alt=\"RobWright\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Rob\u00a0Wright<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365535265\/Restaurants-hit-by-IT-problems-after-BlackCat-attack-on-supplier-NCR\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Zonia Coby<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware attack on systems of payments giant causing service outages for restaurants around the world By Alex Scroxton, Security Editor Published: 17 Apr 2023 15:00 An undisclosed number of users of multinational payment giant NCR\u2019s Aloha point of sale platform for hospitality businesses are experiencing an ongoing outage to their service, following a BlackCat ransomware<\/p>\n","protected":false},"author":1,"featured_media":630670,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[581,2564,46],"tags":[],"class_list":{"0":"post-630669","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-problems","8":"category-restaurants","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/630669","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=630669"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/630669\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/630670"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=630669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=630669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=630669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}