Kronos Sends Clients Elsewhere After Ransomware Attack
There’s no good time for a ransomware attack, but in the midst of the holiday season when workers depend even more than usual on a steady paycheck, an attack on an HR management company that prevents users from accessing important things like payroll can cause a whole slew of problems.
The HR company in question is the Ultimate Kronos Group and its Kronos Workforce Central arm, which includes scheduling, time and attendance and other workforce management solutions.
And word on the street is users won’t be able to access those services any time soon, maybe even for weeks.
In an alert to clients, Kronos Executive Vice President Bob Hughes wrote that the company was “reaching out to inform you of a cybersecurity incident that has disrupted the Kronos Private Cloud.”
The company said that late last Saturday, December 11, 2021, it “became aware of unusual activity impacting UKG solutions using Kronos Private Cloud” and “took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.”
Kronos said it was not currently aware of “an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.”
And while Kronos is working with cybersecurity experts to resolve the incident, the investigation is ongoing and the nature and scope of the attack have yet to be determined.
Noting that the Kronos Private Cloud solutions are currently unavailable and “given that it may take up to several weeks to restore system availability,” Kronos “strongly” recommended clients “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
In the meantime, users can get support and input on business continuity plans through the UKG Kronos Community and the UKG Customer Support Team, the company said.
“Ransomware attacks are becoming bolder and more sophisticated, using evasive malware techniques to get around regular EDR antivirus solutions,” said Eddy Bobritsky, CEO, Minerva Labs. “As we can see here, even with quick detection and immediate action, a small ransomware attack can result in damages that can take ‘up to several weeks to restore system availability.’”
Bobritsky added, “This is why, despite its difficulty, it is important to start moving toward a preventative approach rather than a detect-and-respond strategy.”
Ayal Yogev, CEO and co-founder of Anjuna Security, agreed. “We continue to see that even the most fastidious SaaS companies struggle to protect their businesses because today’s computing paradigm equates host access with unfettered data and process access,” Yogev said.
There’s hope on the horizon, though. “A new generation of powerful secure computing technologies uncouple this dangerous link that is the enabler of so many breaches today,” said Yogev.
Kronos clients are taking steps to protect their own organizations. “We are blocking/disabling all ADFS and LDAP connections to UKG/Kronos Cloud until they have a better handle on what they have,” said one in response to Hughes’ online post. “At this point, they are an untrusted entity and will be treated as such. There is no good they can do us at this time.”
Another wrote that their company is “reapplying firewall rules to disallow traffic to/from the devices within our own network” and asked other users to weigh in with “other precautionary measures you are taking at your company.”
But some Kronos customers are not pleased with the company’s response. “It is extremely disappointing how this has been handled,” one wrote. “The fact that Kronos’ response to all of us is to implement our organization’s current business continuity plan—yet they don’t have one. Additionally, they are not providing us with any type of solution to install locally so that we can gather our data. I know that we will be unable to wait ‘several weeks’ for a solution for our timekeeping. Why did I renew my support when I am not receiving any?”