Kronos Private Cloud, a HR management platform, has suffered a ransomware attack which puts many of its high-profile customers’ data at risk.
Ultimate Kronos Group (UKG), Kronos’ parent company, said the attack will bring down the service for “several weeks” and advised customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions”.
UKG became aware of the attack late on Saturday, December 11, due to unusual activity affecting the company’s range of solutions that utilise the Kronos Private Cloud.
In a post on Kronos’ community message board, UKG executive VP Bob Hughes pointed to “UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions” as the disaffected offerings.
Kronos’ work management software is used by a number of major corporations and local governments, including Boots, Sainsbury’s, Santa Clara Country, Temple University, Tesla, and Winthrop University Hospital.
The attack means companies’ payrolls will cease to function as employees won’t know their schedule and clocking in and out won’t be recorded.
It still remains unknown as to how the attackers managed to bypass UKG security, although the Log4j vulnerability is a likely candidate.
The attackers’ identities also remain unknown to the public at the time of writing.
Looking to learn how to establish a strategic hybrid cloud? Learn more about the virtual Hybrid Cloud Congress, taking place on 18 January 2022 and explore how to optimise and unleash the power of your hybrid cloud.