[US] Kronos ransomware attack could lead to ‘several weeks’ outage

HR management platform Kronos announced that it has been hit with a ransomware attack and cautioned that information from many of its high-profile customers may have been accessed, ZDNet reports.

UKG - Kronos' parent company - said the service will be out for "several weeks" and urged customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions."  

In a statement to ZDNet, UKG said it "recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud," the statement said the cloud "houses solutions used by a limited number of our customers.

"We recognize the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services."

The statement came just hours after the company posted a message on the Kronos community message board, explaining that staff had spotted "unusual activity impacting UKG solutions using Kronos Private Cloud" on the night of December 11. 

This private cloud houses data for UKG Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions.

"At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud," Kronos' executive vice president Bob Hughes wrote. 

The attack had a ripple effect online, with some cybersecurity experts reporting multiple messages from companies that could no longer process payroll from Monday morning as a result of the outage. 

Other sources said the outage would cause them to miss payroll for this week - an alarming notion this close to Christmas - leaving many hastily trying to find alternative solutions. A significant number of organisations rely on Kronos to organise timesheets, meaning schedules for the next few weeks will be in disarray. 

"Every time they call in for help, they get a different answer about what is going on," a source said, noting that in an initial call, the Kronos representative was unaware that a ransomware attack had occurred. 

Kronos' work management software is used by dozens of major corporations, local governments, and enterprises. They include the City of Cleveland's government, Tesla, Temple University, Winthrop University Hospital, Clemson University and UK supermarket chain Sainsbury’s. 

The City of Cleveland sent out an urgent message on December 13, informing WKYC that UKG had contacted them and other clients to warn them that the ransomware attack may have compromised employee information like names, addresses, social security numbers and employee IDs.

Ransomware expert Allan Liska is critical of the way the conversation about the attack is playing out online.

"Some people on Twitter are blaming the small businesses, who are victims here, for not having a backup plan in place for payroll. I feel that's crap; you are outsourcing your payroll to a company that is supposed to have contingency plans in place for you," Liska said.

The company did not respond to queries about which ransomware group was behind the attack. 

Source: ZDNet

(Links and quotes via original reporting)

HR management platform Kronos announced that it has been hit with a ransomware attack and cautioned that information from many of its high-profile customers may have been accessed, ZDNet reports.

UKG - Kronos' parent company - said the service will be out for "several weeks" and urged customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions."  

In a statement to ZDNet, UKG said it "recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud," the statement said the cloud "houses solutions used by a limited number of our customers.

"We recognize the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services."

The statement came just hours after the company posted a message on the Kronos community message board, explaining that staff had spotted "unusual activity impacting UKG solutions using Kronos Private Cloud" on the night of December 11. 

This private cloud houses data for UKG Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions.

"At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud," Kronos' executive vice president Bob Hughes wrote. 

The attack had a ripple effect online, with some cybersecurity experts reporting multiple messages from companies that could no longer process payroll from Monday morning as a result of the outage. 

Other sources said the outage would cause them to miss payroll for this week - an alarming notion this close to Christmas - leaving many hastily trying to find alternative solutions. A significant number of organisations rely on Kronos to organise timesheets, meaning schedules for the next few weeks will be in disarray. 

"Every time they call in for help, they get a different answer about what is going on," a source said, noting that in an initial call, the Kronos representative was unaware that a ransomware attack had occurred. 

Kronos' work management software is used by dozens of major corporations, local governments, and enterprises. They include the City of Cleveland's government, Tesla, Temple University, Winthrop University Hospital, Clemson University and UK supermarket chain Sainsbury’s. 

The City of Cleveland sent out an urgent message on December 13, informing WKYC that UKG had contacted them and other clients to warn them that the ransomware attack may have compromised employee information like names, addresses, social security numbers and employee IDs.

Ransomware expert Allan Liska is critical of the way the conversation about the attack is playing out online.

"Some people on Twitter are blaming the small businesses, who are victims here, for not having a backup plan in place for payroll. I feel that's crap; you are outsourcing your payroll to a company that is supposed to have contingency plans in place for you," Liska said.

The company did not respond to queries about which ransomware group was behind the attack. 

Source: ZDNet

(Links and quotes via original reporting)