A ransomware attack on HR management software provider Ultimate Kronos Group could knock offline for weeks the cloud-based solutions that customers use to manage payroll and employee scheduling.
UKG has disclosed it became aware on December 11 of “unusual activity” affecting its Kronos Private Cloud service and had determined it was a ransomware incident. Kronos Private Cloud includes such products as UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.
‘Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” the company advised customers.
Products that are not housed in the Kronos Private Cloud, including UKG Pro, UKG Ready, and UKG Dimensions, were not affected by the hack.
The Boston Globe reported that “HR departments were scrambling to find ways to record employees’ hours worked and ensure they got paid. In some cases that meant returning to pen and paper.”
“This attack drives home the need to not only have, but also to practice, disaster-recovery and continuity-of-operations plans that can be enacted quickly and efficiently,” Erich Kron, a security awareness advocate at KnowBe4, told Threatpost.
“The more heavily reliant organizations are on technical services, even those in the cloud, the more important it becomes to have a plan to operate without these services, even for a short time,” he said.
Ultimate Kronos was formed last year when Lowell, Mass.-based Kronos, a pioneer in online payroll and scheduling services, merged with its Florida rival, Ultimate Software, in a $22 billion deal.
Its work management software is used by dozens of major corporations, local governments, and enterprises, including the City of Cleveland, Tesla, Temple University, Clemson University, U.K. supermarket chain Sainsburys, and New York’s Metropolitan Transportation Authority.
The City of Cleveland said UKG told them and other clients that the ransomware attack may have compromised employee information like names, addresses, social security numbers, and employee IDs.
Even if UKG decides to pay the ransom, Allan Liska, an intelligence analyst at cybersecurity firm Recorded Future, said it can take days to negotiate a settlement with the attackers and put together the cash.