Where Does Kronos Stand After Its Recent Ransomware Attack?

Cyberattacks have been on the rise—ransomware attacks in particular. Even big companies have been targeted. HR and workforce company Ultimate Kronos Group recently fell victim to a ransomware attack.

The company believes it will need several weeks to restore data and resume normal functions. How can a company with such a large database succumb to such an attack?

Ransomware is software that will encrypt files. Once encrypted, the files cannot be accessed without a key. Attacks use the key to extort money, saying the victim can get the key by paying a ransom. These attacks are becoming increasingly popular. From 2019 to 2020, ransomware attacks increased by 62 percent globally, with 158 percent occurring in North America. Additionally, not only are these attacks becoming more common, they’re now affecting high-profile businesses that cannot afford any downtime due to a widespread client base.

Security magazine reported that in 2021, the banking industry was disproportionately targeted by ransomware attacks, which rose 1,318 percent year-over-year. Meanwhile, there was a 4 percent increase in business email compromise, cryptocurrency malware, and harmful apps with COVID-19 scams. Ransomware attacks are becoming more organized, with ransomware gangs forming, such as Twisted Spider and Viking Spider, as well as “ransomware cartels.”

Digital Shadows cyber threat intelligence analyst Stefano Diblasi explained the main focus of ransomware attacks. He added that for these types of attacks, financial institutions are common targets because of their perceived wealth. Manufacturing companies can usually only afford minimal downtime and are more likely to succumb to the pressure of paying the ransom so they can continue doing business.

Because cyber attackers are constantly improving their techniques, it's becoming easier for them to target companies that cannot afford the downtime and pay the ransom. But this payment is argued to be the main reason the attacks continue. Brenntag, a chemical product company, has paid a $7.5 million ransom payment, and the CEO of Colonial Pipeline has paid a $4.4 million ransom payment.

Ultimate Kronos Group (UKG) is in a similar situation. The company said it had noticed suspicious activity that affected UKG’s Kronor Private cloud. Upon investigating the issue, the company concluded it had fallen victim to a ransomware attack by an unnamed source. The Kronos Private cloud was completely disrupted, meaning that UKG Workforce, TeleStaff, healthcare extensions, and banking scheduling solutions are all nonfunctioning.

The company forecast that it would take several weeks to restore the system, and its clients are encouraged to seek out alternative measures. High-profile companies like Puma, Tesla, and the NFL use Kronos's services, making downtime a pressing issue. The timelines are affecting payroll, timesheet recording, and staffing organization. Other companies that use UKG said that they've deployed alternative measures to ensure that their employees get paid on time.

As of two days ago, the issue was ongoing, and Kronos had yet to release information on who had hacked the company. University of Alabama computer science professor Ragib Hasan explained that the Kronos hack could mean a big payday for the attackers, as so many people rely on UKG systems. He added that, when the ransom isn't paid, the information is “essentially lost” even though it's encrypted. WBRC has reached out to Kronos for an update but hasn't heard back yet.