When Kronos’ ransomware attack last year took down their time-tracking software, many users were frustrated and left scrambling for answers. In addition to tracking employee hours, payroll, and year-end bonuses, they were also trying to keep track of vacation usage for the holidays. The ransomware was able to lock their systems up for several weeks, forcing many to scramble to recover the system. Luckily, Kronos has announced that it will restore the system and is working to fix the problem.
Ransomware locked up time records for thousands of companies
Recently, a cyber-attack targeting a Colorado-based rail operator and logistics provider was blamed on the Kronos ransomware. While the company says it did not launch the ransomware itself, some of its employees’ time records were copied, and no sensitive customer data was stolen. A third party is examining the situation. The company hasn’t released its own information yet but has notified customers that their time records were affected.
The National Security Authority of Slovakia registered several incidents related to the attacks, including the ones targeting energy, public administration, and IT. In both cases, hackers demanded hundreds of thousands of Euros to restore the systems. The reports include a potentially serious third-degree cybersecurity incident that may have affected critical infrastructure in the state. In the United States, the Dixie Group, a major manufacturer of luxury carpets, was also affected by the attack and shut down its network until the problem can be resolved.
Vendor misled customers
While Kronos is recovering from a massive ransomware attack, the company’s applications are still not available. The outage has affected payroll for several health systems and has led to many employees and customers venting their frustration on social media and community boards. The company’s failure to prepare for system disruptions and to properly communicate with customers is at fault, but the outage has not been isolated. This article provides an overview of the current state of the situation.
The company believes it is providing investors with useful information by disclosing the percentage change in average selling prices of TiO2 in billing currencies, which allows for analysis without the impact of foreign currency exchange rates. This allows investors to make comparisons of relative changes in selling prices across billing currencies. However, it should be noted that currency exchange rates vary. Therefore, Kronos believes the percentage change in its average selling prices in different billing currencies is either higher or lower than the actual percentage change.
Redundant backups weren’t enough
The cyberattack that affected Kronos’ private cloud platform has been the subject of much concern. The private cloud platform houses Kronos’ Human Resource and Payroll applications, as well as UKG TeleStaff and Banking Scheduling. It is located in three separate data centres. During the time of the attack, Kronos had redundant backups set up in each data centre. However, those backups weren’t sufficient to stop the attacks.
As a result, many organizations are willing to pay a ransom rather than deal with the inconvenience of restoring their data. Cybercriminals have become increasingly sophisticated, and have learned to circumvent backups by exfiltrating sensitive data first. This practice was recently exposed when the Colonial Pipeline extorted more than 80GB of data from a Kronos client. They threatened to release it, however, only after the data was paid.
Timeline for full system recovery
If your business runs on Kronos, you’re probably wondering how long it will take to recover from a failed server. A week to a month, even, is a long time to be without your software, but that’s exactly what happened when Kronos’s Private Cloud applications went down last week. The company has since made it clear that the system will be down for several weeks and recommended that clients invoke alternate business continuity procedures. In the meantime, you can reach out to the UKG Customer Support Team for more information.
The latest information on the Kronos ransomware attack comes as customers speculate that their companies’ data centres were compromised as a result of the Log4Shell vulnerability. Kronos executives have clarified the situation as a “ransomware incident.” While it may take weeks for the system to fully recover, the company says it has other business-continuity protocols in place to ensure that customers continue to operate while the system is down.