Kronos, a provider of human resources (HR) products, has confirmed its Kronos Private Cloud has been hit with ransomware that has knocked some of its services offline.
The global supplier of business software for tasks such as timekeeping said Kronos UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services - products relating to employee management, emergency services scheduling, and staff scheduling for banks and credit unions respectively - are all said to be affected.
Communicating to customers through the company's online community and help centre platform, Kronos officials said on-premise environments are unaffected and there is no impact to UKG Pro, UKG Dimensions, or UKG Ready.
Bob Hughes, executive vice president at Kronos addressed customers on Monday confirming the incident was indeed ransomware-related.
Hughes also said "it may take up to several weeks to restore system availability" and that customers should take additional measures to ensure the smooth running of their business while the outage persists.
"We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities," said Hughes. "The investigation remains ongoing, as we work to determine the nature and scope of the incident.
"We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognise the seriousness of this issue and will provide another update within the next 24 hours."
IT Pro contacted Kronos for further details, including if the company still has access to emails, but it did not reply at the time of publication. It's also unclear at this time if the ransomware attack was launched via the recently discovered and widely feared Log4Shell Java vulnerability.
According to a Kronos customer success manager replying to a customer in the company's online help centre, there is currently no indication that any customer data has been compromised in the attack and it has "all available resources deployed to mitigate any loss or access to companies personal data".
Kronos customers have been contacting the company in droves seeking help on business continuity issues. Common issues involve customers not being able to export employee timesheet data, manually pulling employee timekeeping information, and seeking help to get set up on-premises.
RELATED RESOURCE
The best defence against ransomware
How ransomware is evolving and how to defend against it
Experts have said the incident should serve as a reminder to all business owners and decision-makers that ransomware attacks such as the one sustained by Kronos must be accounted for when devising a business continuity strategy.
"Whether your workforce management solution is hosted in-house, or externally delivered from the cloud, if you have determined that solution is mission-critical for your day-to-day operations, you need to include scenarios just like this ransomware attack as part of your broader business continuity planning," said Ben Smith, field CTO at NetWitness, to IT Pro.
"What’s your backup plan if that platform is suddenly unavailable? Do you have alternate processes in place you can spin up temporarily while your vendor gets back on its feet? Even if this means some possibly painful manual work for you and your team, it’s better to have those processes and procedures ready to go, versus not having that backup plan at all."
-
Oracle's huge AI spending has some investors worriedNews Oracle says in quarterly results call that it will spend $15bn more than expected next quarter
-
A concerning number of Log4j downloads are still vulnerable four years onNews Despite safe Log4j versions having been available for years, many organizations haven't introduced them
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
