Kronos, a provider of human resources (HR) products, has confirmed its Kronos Private Cloud has been hit with ransomware that has knocked some of its services offline.
The global supplier of business software for tasks such as timekeeping said Kronos UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services - products relating to employee management, emergency services scheduling, and staff scheduling for banks and credit unions respectively - are all said to be affected.
Communicating to customers through the company's online community and help centre platform, Kronos officials said on-premise environments are unaffected and there is no impact to UKG Pro, UKG Dimensions, or UKG Ready.
Bob Hughes, executive vice president at Kronos addressed customers on Monday confirming the incident was indeed ransomware-related.
Hughes also said "it may take up to several weeks to restore system availability" and that customers should take additional measures to ensure the smooth running of their business while the outage persists.
"We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities," said Hughes. "The investigation remains ongoing, as we work to determine the nature and scope of the incident.
"We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognise the seriousness of this issue and will provide another update within the next 24 hours."
IT Pro contacted Kronos for further details, including if the company still has access to emails, but it did not reply at the time of publication. It's also unclear at this time if the ransomware attack was launched via the recently discovered and widely feared Log4Shell Java vulnerability.
According to a Kronos customer success manager replying to a customer in the company's online help centre, there is currently no indication that any customer data has been compromised in the attack and it has "all available resources deployed to mitigate any loss or access to companies personal data".
Kronos customers have been contacting the company in droves seeking help on business continuity issues. Common issues involve customers not being able to export employee timesheet data, manually pulling employee timekeeping information, and seeking help to get set up on-premises.
RELATED RESOURCE
The best defence against ransomware
How ransomware is evolving and how to defend against it
Experts have said the incident should serve as a reminder to all business owners and decision-makers that ransomware attacks such as the one sustained by Kronos must be accounted for when devising a business continuity strategy.
"Whether your workforce management solution is hosted in-house, or externally delivered from the cloud, if you have determined that solution is mission-critical for your day-to-day operations, you need to include scenarios just like this ransomware attack as part of your broader business continuity planning," said Ben Smith, field CTO at NetWitness, to IT Pro.
"What’s your backup plan if that platform is suddenly unavailable? Do you have alternate processes in place you can spin up temporarily while your vendor gets back on its feet? Even if this means some possibly painful manual work for you and your team, it’s better to have those processes and procedures ready to go, versus not having that backup plan at all."
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
