Kronos services knocked offline by ransomware attack

Male hacker hand on laptop computer keyboard with red binary screen of ransomware attack
(Image credit: Shutterstock)

Kronos, a provider of human resources (HR) products, has confirmed its Kronos Private Cloud has been hit with ransomware that has knocked some of its services offline.

The global supplier of business software for tasks such as timekeeping said Kronos UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services - products relating to employee management, emergency services scheduling, and staff scheduling for banks and credit unions respectively - are all said to be affected.

Communicating to customers through the company's online community and help centre platform, Kronos officials said on-premise environments are unaffected and there is no impact to UKG Pro, UKG Dimensions, or UKG Ready.

Bob Hughes, executive vice president at Kronos addressed customers on Monday confirming the incident was indeed ransomware-related.

Hughes also said "it may take up to several weeks to restore system availability" and that customers should take additional measures to ensure the smooth running of their business while the outage persists.

"We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities," said Hughes. "The investigation remains ongoing, as we work to determine the nature and scope of the incident.

"We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognise the seriousness of this issue and will provide another update within the next 24 hours."

IT Pro contacted Kronos for further details, including if the company still has access to emails, but it did not reply at the time of publication. It's also unclear at this time if the ransomware attack was launched via the recently discovered and widely feared Log4Shell Java vulnerability.

According to a Kronos customer success manager replying to a customer in the company's online help centre, there is currently no indication that any customer data has been compromised in the attack and it has "all available resources deployed to mitigate any loss or access to companies personal data".

Kronos customers have been contacting the company in droves seeking help on business continuity issues. Common issues involve customers not being able to export employee timesheet data, manually pulling employee timekeeping information, and seeking help to get set up on-premises.


The best defence against ransomware

How ransomware is evolving and how to defend against it


Experts have said the incident should serve as a reminder to all business owners and decision-makers that ransomware attacks such as the one sustained by Kronos must be accounted for when devising a business continuity strategy.

"Whether your workforce management solution is hosted in-house, or externally delivered from the cloud, if you have determined that solution is mission-critical for your day-to-day operations, you need to include scenarios just like this ransomware attack as part of your broader business continuity planning," said Ben Smith, field CTO at NetWitness, to IT Pro.

"What’s your backup plan if that platform is suddenly unavailable? Do you have alternate processes in place you can spin up temporarily while your vendor gets back on its feet? Even if this means some possibly painful manual work for you and your team, it’s better to have those processes and procedures ready to go, versus not having that backup plan at all."

Connor Jones

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.