Kronos ransomware attack: The nightmare that could hit paychecks right before Christmas

Kronos ransomware attack could hit your wallet right before the holidays

Kronos, a multinational workforce management platform, has been hit by a ransomware attack that the company said could force its system offline for several weeks.

According to parent company Ultimate Kronos Group (UKG), the attack disrupted Kronos Private Cloud solutions, which store data for UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions. Workforce Central is the software that employees use to schedule shifts, log absences, and clock in and out of work. UKG said it became aware of the incident after detecting “unusual activity” on Saturday, and began taking steps to “investigate and mitigate” it. It has since enlisted top cyber-security experts to resolve the situation, but warned that its software might stay down for a while.

Unfortunately, Kronos boasts a ledger of big-name clients including Tesla, MGM Resorts International, Puma, Sainsburys, the YMCA, and the city of Denver. The tech-focused website ZDNet reported that multiple companies were unable to process payrolls as of Monday, and other sources said the outage could cause them to miss paychecks leading up to their holiday breaks.


New York’s Metropolitan Transportation Authority, another Kronos client, also revealed Monday that its payroll and shift-keeping systems were inaccessible. Clients have been encouraged by Kronos to “implement alternative business continuity protocols” in the meantime. However, those clients also include some small businesses without contingencies in place, which are ill-equipped to rustle up a contract on such short notice.

But if that wasn’t bad enough, the attack might also have compromised personal information. The city of Cleveland, yet another Kronos client, told local news station WKYC that it received an alert from UKG that some employees’ names, addresses, and last four social security digits may have been stolen. UKG said its investigation is still ongoing.

The cloud provider has not said which ransomware group was behind the attack, but some analysts speculate it’s linked to the Log4Shell flaw, which was found last week exploited in Minecraft servers, and is already being described as one of the most serious threats ever seen. Found within Log4J, an open-source Java-based logging framework, it’s a zero-day vulnerability—meaning it’s been disclosed but not patched—that lets malicious actors, even those with low skill sets, run almost any code in the wild. Most troublingly, Log4J is ubiquitous, used by big internet companies like Amazon, Cloudflare, Steam, Twitter, and Baidu. Hopefully, they’re all hustling to engineer fixes before it’s too late.

If not, the consequences could be dire. In 2017, a similar vulnerability was exploited to breach consumer credit agency Equifax, compromising data from over 100 million customers. Equifax has since been ordered to pay $77.5 million to those affected in a class-action lawsuit.