Kronos, Payroll & HR Provider, Hit With Ransomware

Kronos, Payroll & HR Provider, Hit With Ransomware

Kronos was recently hit with a massive ransomware attack. Kronos is a payroll & HR company. They are like an ADP to the Fortune 500 and large enterprises. They offer all kinds of services around payroll, getting paid, HR, workforce management, things like that. And they were hit with ransomware, of course, because ransomware is hitting companies left and right, whether you're big or small. There's a ransomware attack about every 11 seconds at this point, and that's the world we live in today. I could write a blog post every 11 seconds if I wanted to because that's the world we live in.

The frustrating part for me is a lot of these ransomware attacks don't get reported in the news. You don't hear about them. So business owners don't think it's as big of a problem. So what we're dealing with here is Kronos is under attack right before the holidays. The interesting thing and why I wanted to talk about this one is that they engaged cybersecurity experts to assess and resolve the situation. That's a great move. And they're working to recover from backups.

What the experts helping Kronos have determined, what Kronos management now realizes, and what I've been educating on in my recent talks about ransomware is that this isn't a one- or two-day event. These cyber-attacks, like ransomware, will be a multi-day event, if not multiple weeks. And as Kronos found out, they're going to be, at best, three weeks before they're back up and running. And the interesting thing about this and why I wanted to bring this to everyone's attention and make a blog post, they were telling customers to go somewhere else and find another provider. I guess maybe with the thought that these people will come back once Kronos gets the situation under control. Or maybe, the Kronos management sees the writing on the wall that it will be challenging for them to recover from this.

But legally, these companies of Kronos need to pay their employees. And if this company can't do that and can't fulfill that and can't run payroll, I guess the only advice you can give is to find other providers. But the question most clients of Kronos are asking is, "how long before it will be fixed and we can run payroll?". Unfortunately, it could take up to several weeks before services are restored. And the company advises customers to consider alternative business continuity protocols related to any Kronos service they use. That's assuming if they have business continuity protocols.

And then the question becomes, does this company, Kronos, have business continuity protocols? Because if they're telling you, "Go to your backup plan because our software broke." There is another supply chain type of impact here on the payroll industry and companies that use Kronos for payroll. Then we have other rumors floating around, like the question around Log4j and whether Log4j contributed to this?

Log4j is a popular logging package for Java software used in games like Minecraft and banking and financial applications. And then critical vulnerability was just discovered. You can go to our video on that here. It could be that Kronos was immediately exploited because they had this Log4j exploit on one of their servers. Next, cybercriminals could overtake the server and then deploy ransomware throughout the whole company. It's going to take them weeks to recover. And they're telling companies to find somebody else to do these things.

In a statement Monday, the University of Utah, a customer of Kronos, had established a task force to determine how the ransomware attack may have impacted their systems. But the paychecks will be distributed on schedule, although there may be adjustments later to reflect corrections as needed. So obviously, they're just running payroll, and then they'll maybe put it through the system and adjust accordingly, but they'll probably run it based on salary or what you got paid last payroll system or whatever. But it sounds like they're going to cut paper checks to get people paid, but then where does that leave them?

It doesn't look like direct deposits will happen for anybody who uses Kronos. You're going back to paper checks. You might use other methods or fall back to your own company's backup procedures or disaster recovery procedures. But the question becomes if you're a Kronos client, will you stay with them? If you're a Kronos customer, you're reading this blog, and I'd love to hear whether you're going to continue to work with this company or not? Has this ransomware attack broken the trust you've had with them? Are you going to move on from Kronos as a result?

It will be interesting to see what happens here. We will update as the details from this ransomware attack against Kronos emerge. We will learn more in about a month to two months, but that's where we're at today. Kronos, unfortunately, was a victim of a ransomware attack. And this company has come out and publicly said for their customers to seek alternative solutions.

They meant that that would be backup solutions like paper checks and things like that. But I got to imagine that some phone calls are going to be made to competitors, and some competitors will pick up new clients as a result of any payroll or HR company that uses Kronos on their backend system.