Kronos ransomware attack may cause weeks of HR solutions downtime

Source: This article was first published on https://www.bleepingcomputer.com/news/security/kronos-ransomware-attack-may-cause-weeks-of-hr-solutions-downtime/

Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of their cloud-based solutions for weeks.

Kronos is a workforce management and human resources company that provides cloud-based solutions for managing timekeeping, payroll, employee benefits, analytics, and more. In 2020, Kronos merged with Ultimate Software to create a new company named UKG.

Kronos’ software is used by many organizations, including car manufacturers, educational institutions, and local governments. Customers using Kronos include Tesla, Temple University, Community Bank, and the San Francisco Municipal Transit Authority.

Kronos hit by a weekend ransomware attack

Today, Kronos disclosed that the UKG solutions using the ‘Kronos Private Cloud’ are unavailable due to a weekend ransomware attack on December 11th.

“As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud,” disclosed Bob Hughes, Executive Vice President for UKG.

“We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud – the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.”

UKG solutions that are not using the Kronos Private Cloud are unaffected, including UKG Pro, UKG Ready, and UKG Dimensions.

UKG describes Kronos Private Cloud (KPC) as a secure storage and server facility hosted at third-party data centers. This infrastructure is used to host their Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC), and the FMSI environments.

“Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA’s SSAE18 (i.e., SOC 1) and the American Institute of Certified Public Accountants’ TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3),” reads the description of the Kronos Private Cloud infrastructure.

According to Kronos, KPC is secured using firewalls, multi-factor authentication, and encrypted transmissions to prevent unauthorized access to their systems.

Unfortunately, the threat actors were able to breach these systems and likely encrypted servers as part of the attack.

Due to this, Kronos says their KPC solutions are not available and will likely take several weeks before systems become available again. During this time, they suggest customers “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”

While not much else is known about the attack, this disruption of services comes at a terrible time for customers getting ready for holiday vacations, bonus payments, and a limited workforce.

An affected customer has told BleepingComputer that they will now have to go back to using spreadsheets and paper and pencil to cut checks and monitor timekeeping for the time being.

BleepingComputer has reached out to UKG with further questions and will update the article when we receive a response.