The virus used to block NCR's access to the company's data was created in May of this year, where its objective was to block the operating system of machines, namely the virtualization infrastructure of the machines.
"It's like someone took the hard drive out of your computer. It creates an encryption that you no longer have access to the data. It's a specific virus to create this ransomware situation, that is, you no longer have access to your own room, the door is blocked and the only person who has the key is the hacker and, while you don't pay, he doesn't give you the code to enter“, said Ndalu Rocha, Deputy Director of NCR Angola.
According to what was revealed to Novo Jornal, one day was enough time for the company's IT specialists to start restoring access to data encrypted by hackers, which until now are unknown.
The use of backups, supported by copies of data made daily, was instrumental in restoring the system and resuming billing.
"In the letter, in quotes, which they left, no specific group was identified, unlike other attacks, in which there are, for example, groups that identify themselves, or even particular groups. Effectively, on the part of our IT services, no contact was made. What was done was to get down to business and start work quickly on recovering the system, the job being done. Some systems and servers have already been recovered, others are still being recovered. We are on the right track and, in a short time, we will be 100% operational“, he informed.
BUT: NCR suffers cyberattack, hackers demand ransom
It should be noted that NCR currently has six data centers or server locations, all of which were affected by the cyber attack.
"We have all the information until the last working day, so until Friday. Some stores work on Saturdays, but globally, the company administratively works until Friday. We have already recovered the billing software, but then there are several servers, such as email, the second being on the priority list, which we are working on, and there are other systems that have already been restored“, emphasizes the manager.
Ndalu Rocha also adds that the hackers' objective was to block access to data and that, in this type of attack, there is normally no interest in destroying company data. The Director also denied that there are customers whose computer system is connected to NCR
"We have a data center, but we do not host third-party websites, we do not provide this type of service. Situations like these attacks create, above all, reputational damage. Unfortunately, we were victims. Internally, we were able to deal with this situation. We are taking measures with very positive results in view of the short window of time and which are allowing us, little by little, to recover the various affected areas by sector. What IT told us is that about 70% of the backups were already recovered“, Finished.
