Kronos ransomware restoration may take 'weeks'

Tesla, Jaguar Land Rover and Sainsbury's are all affected customers of Kronos Group

The current guidance is to use 'alternative business continuity protocols'

A ransomware attack has hit workforce management solutions provider Ultimate Kronos Group (UKG), impacting its private cloud services including Workforce Central, TeleStaff, Banking Scheduling Solutions and Healthcare Extensions.

The company became aware of unusual activity impacting the Kronos Private Cloud (KPC) on Saturday, 11th December, executive vice president Bob Hughes said in a post on Kronos' customer support forums. Following the discovery, it took immediate steps to mitigate the issue.

The company has notified the authorities and is working with cyber security experts to resolve the situation.

Kronos' UKG Pro, UKG Ready, UKG Dimensions, and other UKG products housed outside KPC were not hit in the attack.

"The investigation remains ongoing, as we work to determine the nature and scope of the incident," Hughes noted.

The firm has advised customers to adopt 'alternative business continuity protocols' to support their HR services (easier said than done), as it may take several weeks to fully restore systems supporting those services.

'We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation,' Kronos said.

Kronos is known for its cloud-based solutions for managing payroll, timekeeping, employee benefits, and more. Tens of thousands of businesses and government organisations worldwide use its solutions, including Tesla, Puma, the City of Cleveland's government, Temple University, Winthrop University Hospital, Clemson University, Jaguar Land Rover and Sainsbury's.

Last year, Kronos merged with Ultimate Software to create UKG.

The Kronos Private Cloud is secured using firewalls, multi-factor authentication, and encrypted transmissions, but it appears the attackers were able to breach these systems and encrypt servers as part of the attack.

The City of Cleveland told WKYC on Monday that UKG had told them the ransomware attack might have compromised employee details like names, addresses, social security numbers and employee IDs.

A Sainsbury's spokesperson told The Register: "We're in close contact with Kronos while they investigate a systems issue. In the meantime we have contingencies in place to make sure our colleagues continue to receive their pay."

It is not yet known whether the attackers exploited the recently uncovered Log4j vulnerability to compromise Kronos systems.

The UKG incident is the latest in a series of ransomware attacks on large organisations in recent months.

In November, London-based luxury jewellery firm Graff fell victim to a ransomware attack carried out by the notorious Conti gang.

Japanese tech firm Olympus also suffered an attack in September, which impacted its business units in Europe, the Middle East and Africa.

Acronis' latest Cyberthreats Report, released earlier this month, predicted the financial impact of ransomware attacks would exceed $20 billion (about £15 billion) before the end of 2021.