Kronos Ransomware Outbreak May Shut Down HR Systems For Weeks

Kronos, a supplier of workforce management tools, has been hit by ransomware, which will likely shut down many of their cloud-based products for weeks. Kronos is a human resources and labor management software company that offers cloud-based solutions for timekeeping, payroll, analytics, employee benefits, and more. Kronos and Ultimate Software merged in 2020 to become UKG, a new corporation.

Many organizations employ Kronos’ software, including automobile manufacturers, educational institutions, and municipal governments. Tesla, Community Bank, Temple University, and the San Francisco Municipal Transit Authority are among Kronos’ customers.

Kronos announced today that the UKG solutions that use the ‘Kronos Private Cloud’ are inaccessible following a weekend ransomware attack on December 11. According to Bob Hughes, Executive Vice President of UKG, the company became aware of suspicious activity affecting UKG systems that use Kronos Private Cloud.

The company acted quickly to analyze and remediate the problem, and has established that it is a ransomware attack impacting the Kronos Private Cloud, which includes UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions. UKG Pro, UKG Ready, and UKG Dimensions are not affected because they do not use the Kronos Private Cloud.

Kronos Private Cloud (KPC) is a secure storage and server facility provided by third-party data centers, according to UKG. Workforce Central, TeleTime IP, Workforce TeleStaff, Enterprise Archive, Extensions for Healthcare (EHC), and the FMSI environments are all hosted on this infrastructure.

According to Kronos, it uses firewalls, multi-factor authentication, and encrypted transmissions to deter unauthorized access to its systems. Unfortunately, as part of the attack, the threat actors were able to infiltrate these systems and presumably encrypted servers.

As a result, Kronos’ KPC solutions are now unavailable, and it will likely be many weeks before they are accessible again. Customers should “evaluate and implement alternative business continuity protocols related to the affected UKG solutions” during this period.

While nothing more is known about the attack, the outage comes at a bad time for customers who are gearing up for Christmas vacations, bonus payments, and shrinking staff. For the time being, an impacted client stated that they would have to revert to using spreadsheets, paper, and pencils to cut checks and track timekeeping.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.