US payments giant NCR confirmed over the weekend that a data center outage is the result of a ransomware attack. A well-known ransomware group has taken credit for the attack. NCR first reported investigating an “issue” related to its Aloha restaurant point-of-sale (PoS) product on April 12. On April 15, the company said a limited number of ancillary Aloha applications for a subset of its hospitality customers had been impacted by an outage at a single data center. “On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said. The company has been working to restore affected services, but said that impacted restaurants should still be able to serve customers, with only specific functionality being impacted. Cybersecurity researcher Dominic Alvieri noticed on April 15 that the ransomware group known as BlackCat, Alphv and Noberus took credit for the attack on its Tor-based leak website, but the post was quickly removed by the hackers. In the now-removed post, the cybercriminals said they were contacted by NCR representatives who wanted to find out what type of data had been stolen from their systems. The hackers claimed they did not steal any actual NCR data, but they did obtain “a lot of credentials” that can be used to access NCR customer networks. The removal of the post naming NCR from BlackCat’s leak website suggests that negotiations have started and the cybercriminals are hoping to get paid. SecurityWeek has reached out to the company to find out if it plans on paying a ransom. The BlackCat ransomware has been around since at least November 2021 and its leak website currently lists more than 300 victims. The group has been known to target industrial companies. Mandiant warned recently that the hackers have been exploiting vulnerabilities in a Veritas data backup product for initial access.