It comes just two months after 621 of the touch-screen units were installed at 420 stations across the north of England at a cost of £17m.
The government-run operator said it had taken "swift action" along with its supplier, Flowbird, and customer and payment data had not been compromised.
"This is the subject of an ongoing investigation with our supplier, but indications are that the ticket machine service has been subject to a ransomware cyber-attack," it confirmed.
"We immediately instigated our major incident procedure in order to protect other parts of the network and our checks have shown there has been no compromise to any personal data," a spokesperson said.
Northern's website said there had been a fault with the self-service ticket machines and it had been experiencing "technical difficulties".
Customers have been advised to use either its app or website to buy tickets in advance, and they can be collected from one of its ticket offices.