Kronos Ransomware Attack, Around 2,000 US Firms Affected!

While many attacks target high-profile organizations like Kaseya, Volvo Cars, and IKEA, many more are aimed at SMBs, who often put security on the backburner.  A recent ransomware attack on Ultimate Kronos Group (UKG) – a leading human resource management company created chaos around attendance, scheduling, and payroll for thousands of employers.


Also Read: Ransomware Response and Recovery Plan


The company revealed that malicious actors allegedly gained control of its cloud-based time and attendance systems known as Kronos Private Cloud.

“We recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our impacted customers,” said UKG in a statement.

UKG said that all products housed in the Kronos Private Cloud, including UKG Workforce Central, Healthcare Extensions, UKG TeleStaff, and Banking Scheduling Solutions, are currently unavailable.

The affected software products are widely used by businesses and governments across the US to track employees’ hours and issue payments.

The Kronos ransomware attack pushed employees of around 2,000 organizations into hot water.

The affected organizations included enterprise companies, hospitals, government agencies, universities, and emergency services like fire and police departments. Some of them are New York’s Metropolitan Transportation Authority, Oregon Department of Transportation, University of Utah, George Washington University, and Yeshiva University in New York.

The Kronos ransomware attack is very daunting, especially when many companies are busy during the holiday season.

“It could not be worse timing, as many companies employing hourly workers are busier during the holiday season and having to track more overtime,” said Sam Grinter, senior principal analyst at Gartner. “The attack not only comes during the crucial end of the year for scheduling and staffing but also right when UKG’s annual customer conference was getting underway.”

“Clients are very worried about this and are trying to figure out what to do. It’s not something we’ve seen before on this scale, on the HR side,” he added.

The impacted companies are urged to look for alternative business continuity protocols as Kronos is yet to regain control of its affected software.

“Due to the nature of the incident, it may take up to several weeks to fully restore system availability. While UKG has dedicated extensive resources to resolving this issue and supporting our impacted customers, we do not have an estimated time of resolution. As a result, UKG continues to strongly recommend our customers work with their leadership to activate their business continuity plans,” the company informed.


Also Read: How Can Companies Be More Resilient in the Face of Ransomware Threats?


Meanwhile, the company emphasized that the instances of the said software products deployed in on-premises or self-hosted environments are not affected by the attack.

However, the details on what customer data has been compromised are still unknown.

“Our investigation is ongoing, and we are working diligently to determine whether customer data has been compromised. We will keep you updated as new information becomes available,” mentioned UKG.

How can businesses outsmart cloud-based attacks?

Cloud Computing

The UKG attack shows us that ransomware attacks have become more pervasive, even impacting solutions housed in the cloud environment. Organizations that totally rely on the cloud are especially at high risk, as they have no other respite in sight when attacked. This grueling ordeal hogs the limelight on the ability of the hybrid cloud model in outsmarting cloud-based cyberattacks.

The hybrid cloud brings the best of both worlds, i.e., public cloud and on-premises data center. In case of any cyberattack on the public cloud environment, channeling their operations to on-premises infrastructure is a good way.


Also Read: 18 Tips To Prevent Ransomware Attacks!


However, this can be easy said than done. In order to harness the full potential of a hybrid cloud, one ought to navigate the security complexities of both cloud and on-premises environments. Hybrid cloud security management can turn expensive if not planned properly. This is where StealthLabs comes in.

As a leading IT security services provider, StealthLabs brings in the domain expertise to cater to the security needs of businesses of all sorts. Whether you are in multi-cloud or hybrid-cloud, we have security solutions customized to your requirements. Our security experts help you become more resilient in the face of ransomware threats. Join forces with us to stay secure and safe.

Contact Us


More New Articles: