Kronos hit with ransomware, warns of data breach and 'several week' outage

The HR management platform has already informed major customers, like the city government of Cleveland, about the attack.

This is ransomware's golden age: How to bring it to an end

HR management platform Kronos has been hit with a ransomware attack, revealing that information from many of its high-profile customers may have been accessed. 

UKG, Kronos' parent company, said the vital service will be out for "several weeks" and urged customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions."  

ZDNet Recommends

The best VPN services The best VPN services Every remote worker should consider a virtual private network to stay safe online.

In a statement to ZDNet, UKG said it "recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud," which they said "houses solutions used by a limited number of our customers." 

"We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services," the company said.

The statement comes hours after the company posted a message on the Kronos community message board, explaining that staff  noticed "unusual activity impacting UKG solutions using Kronos Private Cloud" on Saturday night. This private cloud houses data for UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.

"At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud," Kronos' executive vice president Bob Hughes wrote. 

The attack caused a stir online, with some cybersecurity experts reporting multiple messages from companies that could no longer process payroll as of Monday morning due to the outage. 

Other sources said the outage would cause them to miss payroll for this week -- a harrowing idea considering how close Christmas is -- while many are scrambling to find alternative solutions. Many organizations use Kronos to organize timesheets, meaning schedules for the next few weeks will be thrown into disarray by the outage. 

"Every time they call in for help, they get a different answer about what is going on," the source said, adding that in one initial call, the Kronos representative did not even know a ransomware attack had occurred. 

Kronos' work management software is used by dozens of major corporations, local governments, and enterprises, including: the City of Cleveland's government, Tesla, Temple University, Winthrop University Hospital, Clemson University, and UK supermarket chain Sainsburys. 

The City of Cleveland sent out an urgent message on Monday, telling WKYC that UKG contacted them and other clients to tell them that the ransomware attack may have compromised employee information like names, addresses, social security numbers, and employee IDs.

Ransomware expert Allan Liska criticized how the conversation about the attack is playing out online. 

"Some people on Twitter are blaming the small businesses, who are victims here, for not having a backup plan in place for payroll. I feel that's crap; you are outsourcing your payroll to a company that is supposed to have contingency plans in place for you," Liska said.

The company would not answer questions about which ransomware group was behind the attack. 

Show Comments