⚠️ ALERT: Jackpotting Activity Reported in Northwest Oregon and Southern Idaho
We have received reports of active jackpotting attacks targeting ATMs in the Northwest Oregon and Southern Idaho regions. These incidents are consistent with known patterns of organized criminal activity seen in recent months across the U.S.
Please ensure the following actions are taken immediately:
• Verify that hard drive encryption is enabled on all ATMs.
• Confirm BIOS and firmware are up to date with the latest security releases.
• Inspect for tampering daily.
• Verify that the top hat of each ATM is alarmed, and create a response plan for active alarms that includes historical footage review.
• Increase monitoring through Command Center or other remote management tools.
• Report any suspicious activity to the NOC immediately.
These attacks are highly coordinated and often occur after hours. Quick reporting and verification of system integrity are critical in preventing losses.
If your team identifies anything unusual, contact support@cooksolutionsgroup.com or (844)-305-2665 option 3 right away.
12:45 (PST) - Performance continues to be stable, all services are operating as expected, and AWS reports systems operating normally. We will continue to monitor closely for the remainder of the day. Incident is resolved.
12:00 (PST) - Most systems have stabilized, Piko Cloud is responding, and the CSG website is back in service. AWS reports repairs are still underway. We will continue monitoring performance. Next update by 17:00 PST.
09:30 (PST) - We have confirmed that the current AWS disruption is causing the connectivity issues with Piko clients and the CSG website. Once the AWS issues are resolved, our services should return. Next update by 12:30 PST.
07:30 (PST) - We are aware of an issue with Piko Cloud clients that show all systems as unreachable when logged in to desktop or mobile. The web portal at cloud.pikovms.com does not seem to be affected. This interruption is affecting some users. All systems are recording locally as expected. The team is currently investigating. Next update by 09:30 PST.
We continue to test the BIOS updates with positive results in preparation for mandatory updates starting Monday, August 18th. Updates will be installed on all NCR ATMs/ITMs on RemoteView over several weeks. For any machines not connected to the RemoteView service, a Support Ticket will need to be opened to schedule a technician visit to install the update on site. For any questions or concerns, please open a Support Ticket at cc.cooksolutionsgroup.com or email Support@cooksolutionsgroup.com.
We continue to test the BIOS updates to confirm performance and which core types are affected. We expect to begin deployments in the next week or two and will send additional communication at that time.
You may have recently received notifications from NCR regarding new guidance to mitigate the risk of Direct Memory Access (DMA) attacks. While Cook Solutions Group has not observed any customer environments affected by this specific attack vector, we recognize the seriousness of the threat and support NCR’s recommended mitigation strategy.
To address this vulnerability, NCR has released BIOS updates designed to disable the PCIe bus, thereby preventing malicious devices from being used to inject malware or extract sensitive data through physical access. As part of our standard protocol, we will begin testing the updated BIOS internally to ensure functionality and stability. This evaluation period will take place over the next several weeks. Once testing is complete and we are confident in the update’s performance, we will begin a wider deployment to all impacted systems.
We are committed to keeping your systems secure and will keep you informed throughout this process.