What Happened in the Kronos Private Cloud Ransomware Attack?
Ultimate Kronos Group employees as well as employees of many companies worldwide that utilize UKG’s Kronos Private Cloud will be impacted by a ransomware attack.
Dec. 13 2021, Published 1:50 p.m. ET
Ultimate Kronos Group employees as well as employees of many companies worldwide that utilize UKG’s Kronos Private Cloud will be impacted by a ransomware attack that was discovered on Dec. 11. The Register reported that the company notified its corporate customers that it pulled its cloud services offline due to the breach.
The cyber security incident, as executive vice-president Bob Hughes called it, “disrupted the Kronos Private Cloud.” A major impact of the ransomware attack will be that companies who use Kronos’ timekeeping services won't be able to access employee schedules and manage payroll accurately.
UKG was formed by the merger of Kronos and Ultimate Software.
UKG is the result of the merger between Kronos and Ultimate Software, and it stands for Ultimate Kronos Group. The workforce software firms announced the merger in mid-2020, which was to create a new company with an enterprise value of $22 billion and thousands of employees.
The company isn't publicly traded, and its primary shareholder is Hellman & Friedman—a private equity firm that holds approximately 50 percent of the company. Blackstone follows them with a 20 percent–25 percent stake.
Ultimate Kronos Group provides workforce management solutions, human resources management, and cloud computing services. As the company states, “Our purpose is people.”
The company's customers include U.K.-based Jaguar Land Rover and the Sainsbury’s supermarket chain. UKG also has U.S. clients like Santa Clara County, Clemson University in South Carolina, and Winthrop University Hospital in Long Island.
What happened in the Kronos ransomware attack?
UKG Vice President Bob Hughes sent a message to Kronos Private Cloud (KPC) customers early on Dec. 13 to notify them of a ransomware attack. Hughes stated that the company learned of “unusual activity” on Dec. 11, which was determined to be a ransomware incident impacting Kronos’ private cloud.
According to Hughes, the company is working hard to remedy the problem. For now, the Kronos Private Cloud services aren't available. He advised customers that since it could take several weeks to restore the system, “We strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
As The Register noted, the lack of system availability could impact the paychecks of millions whose employers rely on timekeeping services from Kronos. They won't be able to access records. Sainsbury’s, which works with Kronos Private Cloud, stated that it would rely on “contingencies” in place to ensure that employees continue to receive their pay.
The website serving the Kronos community also stated that the attack might have been a "log4j vulnerability." According to The Verge, this type of vulnerability is “unusually easy to exploit and can be triggered in a variety of ways.”
So far, the identity of the hackers who caused this attack isn't known.
What are ransomware and other cyberattacks?
Usually, ransomware attacks involve encrypting files onto a device to make that device and its systems unusable. They can cause severe outages and disruptions, which was the case of the Colonial Pipeline cyberattack in May 2021. Cyberattacks have caused billions of dollars in damages in recent years.