Kronos has taken down its private cloud services and advises customers to use “alternative business continuity protocols” while the company is working on mitigating the attack.
Kronos Private Cloud is an HR management firm, also known as Ultimate Kronos Group, offering timekeeping services to many high-profile firms globally. Reportedly, the company is the latest victim of a ransomware attack.
According to the company’s Executive VP, Bob Hughes, they noticed unusual activity this Saturday, and while mitigating the issue, they learned that UKG had suffered a ransomware attack.
“We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident,” Hughes explained in a blog post.
Operations Restoring May Take Weeks
Kronos has sent emails to its corporate customers to notify them about the ransomware attack. The company stated that it had taken its private cloud services offline post the attack and advised customers to use “alternative business continuity protocols” since restoring operations may take several weeks.
After the attack, Kronos’ clients could not access payroll processing and staff management services. Hughes urged in his blog post that clients should switch to alternative services.
“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
Trouble for UKG’s clients
UKG claims that internal investigation indicates the attack affected Kronos Private Cloud. It’s a part of UKG’s business that deploys UKG Workforce Central, Healthcare extensions, UKG TeleStaff, and Banking Scheduling Solutions.
This means big trouble for companies that execute payroll and management services through UKG since payroll service inactivity would leave most clients without pay when holidays are just around the corner.
Some of the high-profile clients that rely on the impacted services of UKG include Puma, Tesla, the City of Cleveland, and Sainsbury’s. UKG noted that there’s no indication that UKG Ready, UKG Pro, UKG Dimensions, or other UKG businesses/solutions were impacted.
When contacted, Sainsbury’s representative stated that they are in touch with Kronos as the investigation continues.
“We’re in close contact with Kronos while they investigate a systems issue. In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay.”
It is yet unclear if attackers utilized the Log4j RCE flaw. The identity of the attackers is also undisclosed at the time of writing.