Kronos Ransomware Attack: What You Need to Know
In December of 2021, Kronos, a workforce management company (“a leading provider of HR, payroll, and workforce management solutions for all people” in their own words), was the target of a ransomware attack targeting it’s Kronos Private Cloud. This attack saw vital customer information compromised which is having far reaching impact for both Kronos and its customers that were affected. In order to help raise awareness and public knowledge of ransomware, it is important to have an understanding of what ransomware attacks are and how this one happened specifically.
Ransomware attacks are becoming an increasingly big problem, during the first half of 2022 there were a total of 236.1 million ransomware attacks worldwide. These attacks involve hackers gaining access to or encrypting data on a network and then demanding a ransom to get that data back.
The most common way hackers gain access to or encrypt information is by using malware, which can be hidden in emails, websites, and other online content. Once they have the malware on their network they can use it to lock down files and demand payment before granting access again.
This was the case in the Kronos ransomware attack. Hackers used malware to gain access to their customer’s data and then demanded payment in order to release it back to them. Let’s get into the details of the Kronos ransomware attack.
How the Kronos Ransomware Attack Happened
On December 11th 2021, hackers gained access to the Kronos Private Cloud. They used this access to attempt to spread the malware to other customers.
According to a press release from Kronos, they took immediate action. Kronos was able to identify that the attack was ransomware in nature after recognising “unusual activity impacting UKG solutions using Kronos Private Cloud”.
Unfortunately, it is not yet clear what caused the Kronos ransomware attack to happen, or how they were able to gain access to their server in the first place. What we do know is that tactics like this are becoming increasingly common, and it is essential that companies take steps to protect themselves from similar attacks. This can be done through having strong cyber security measures in place, such as anti-malware software and up-to-date data backup systems. By doing so, companies can significantly reduce their risk of falling victim to a ransomware attack like the Kronos ransomware attack.
Read the Full Kronos Statement
Below is the full Kronos statement that was issued on December 13th 2021 to it’s customers by Leo Daley from UKG Workforce Central. You can read the full statement and comments here.
Which Kronos customers were affected?
While Kronos itself hasn’t released data or information specifying which of its customers were affected, some of them have come forward in public admission that they were affected – either directly or indirectly.
PepsiCo, Tesla and NYC transit workers are reportedly filing lawsuits against the company.
The impact and fallout of the Kronos Ransomware attack
The impact and fallout have been significant. Kronos is a B2B company used to track business hours and issue paychecks with over 2,000 of their customers (i.e. other businesses) impacted by the attack.
The damage to the Kronos brand and reputation is significant too. Outsourcing any service to a 3rd party comes with risk and this ransomware attack highlights one of the more severe of those risks. Kronos will likely have seen customer numbers fall since the attack.
What’s more it took Kronos over two months to get its Private Cloud product back operational after the attack meaning its customers were forced to manually handle their payroll and workforce management during this period.
Other posts and articles you may be interested in.