Ultimate Kronos Group, a human resources management company (also known as Kronos), said that it was hit by ransomware and may have to shut down its systems for several weeks.
Companies that depend on the software are looking for backup plans to make sure their employees get paid. This includes issuing paper checks, some of which are being issued for the first time in years.
Kronos is widely used by governments and businesses across the country to track employee hours and issue pay. Many of its customers are large corporations, universities and municipal governments. Kronos is also used by NPR.
A spokesperson for UKG stated that ransomware only affected customers who used the Kronos Private Cloud.
“We immediately took action to investigate the issue and mitigate it, have alerted our customers and informed authorities, and we are currently working with top cybersecurity experts. We recognize the seriousness and urgency of the issue, have mobilized all resources to support customers and are diligently working to restore the affected services,” a spokesperson stated to NPR.
Which employers are most affected?
This week, dozens of companies and government organizations reported that they were affected by the attack. However, given how widely Kronos is used, that number is likely far lower than the true impact.
This hack involved scheduling products that were specifically made for public safety workers, financial institutions, and health care systems.
Over the course of Monday, Tuesday and Wednesday, many employers told their employees that they were affected. These included workers at New York’s Metropolitan Transportation Authority, San Angelo hospital workers, and Honolulu public water workers.
In a Monday statement, the city of Cleveland, which has thousands of employees, stated that it is among those who depend on the hacked software along with the Oregon Department of Transportation.
A number of universities including the University of Utah, George Washington University, and Yeshiva University in New York also reported being affected.
What does this mean for your paychecks?
How much individual employees are affected will depend on how their employers used the software.
Employers can use Kronos to clock workers in and out of shifts. While the service is down, companies that rely on it may require employees to track start and finish times manually. Companies may also use Kronos to issue paychecks; paper checks may still be issued if the service is down.
Employers might also decide to give generic paychecks, which compensate employees for a set number of hours rather than actual hours worked. Later corrections can be made if necessary.
Employers are required to keep track of hours worked by employees regardless of timekeeping method (e.g., Kronos or manual time cards) and then pay workers promptly. The frequency of those paychecks may be determined by the individual states.
What about personal data?
The personal data held in Kronos varies depending on the employer.
Many companies told their employees that they believe the most sensitive personal data, such as Social Security numbers, has not been compromised. However, the city of Cleveland warned its employees that the last four digits of Social Security numbers could be at risk.
How long will it take to fix the service?
According to a post by Bob Hughes, chief customer officer and strategy officer of the company, the service might be unavailable for “several more weeks.” Although the post was published on Sunday, it was not accessible until later.
The company advised employers to find “alternative business continuity protocols” to rely on while it fixes the problem.
Does this have anything to do with Log4j?
As of Tuesday, it was unclear how the ransomware attackers managed to take the software offline.
This incident follows revelations about a serious vulnerability in Log4j, a piece of software that is often used with the Java programming language.
The Log4j vulnerability allows remote hackers to gain control of a system or device running the software, letting them install crypto miners and steal private data.
Security researchers warn that Java is one of the most popular programming languages worldwide.
According to Allan Liska, intelligence analyst at Recorded Future, it is not known whether the Kronos hack is related to the Log4j vulnerability.
It is possible that the attacker was in Kronos for several weeks before the attack on Log4j was reported. This doesn’t necessarily mean that the two are not connected. He told NPR that the best evidence at this point supports his assertion.