The attack has led to an outage expected to last weeks, leaving companies scrambling to make payroll with the holidays right around the corner.
We're experiencing yet another incident that shows how cyberattacks can affect the real world: UKG, maker of payroll and HR software, has reported a ransomware attack that has taken its Kronos Private Cloud offline and may keep it that way for weeks to come.
The timing couldn't be worse, nor could it be more apt: We're a week away from Christmas and the holiday travel season, and just days removed from the announcement of one of the worst zero-day bugs in the history of ever: Log4Shell. It's unknown whether Log4Shell is responsible for this incident, and UKG said there aren't any indications that it is.
"As soon as the Log4j vulnerability was recently publicly reported, we initiated rapid patching processes … While we currently have no indication that there is, we are investigating whether or not there is any relationship between the security incident described above and the Log4j vulnerability," UKG said.
Causes aside, the end result is that a lot of big companies (KPC is used by Tesla, the City of Cleveland government, and multiple banks and financial institutions) can't process payroll, and that means people might go into the holidays unpaid.
Kronos outage: What was affected
Kronos Private Cloud is UKG's hosting solution for its Workforce Central, TeleStaff, Healthcare Extensions and Banking Scheduling Solution software. The ransomware attack, which was detected on December 11, has meant that KPC and its hosted solutions are unavailable to customers.
Make no mistake: This isn't a small problem. In a statement about the outage, UKG said that it has no estimated time of resolution and that its backups aren't available until they "determine the best approach" to restoration. UKG thus "continues to strongly recommend our customers work with their leadership to activate their business continuity plans."
That's the tech equivalent of "fix bayonets," and it's bad news not only for Kronos customers but the future of UKG as well, largely because there is a difference between an outage due to uncontrollable factors, like severe weather, and a malware incident, said Forrester security and risk analyst Allie Mellen.
"Customers will be more likely to accept downtime from something like a severe weather event because they can more easily relate to a kinetic challenge. In contrast, customers may be wary of trusting a business hit with a cyberattack because it's more unpredictable and less relatable and tangible," Mellen said.
Was any data stolen?
The official line from UKG is that its investigation is ongoing, but the City of Cleveland told a local news station that UKG told it that the attack "may have compromised some employees' first and last names, addresses, last four SSN digits and employee ID," Cleveland's WKYC reported.
Ransomware gangs have been known to extort victims by threatening to release (or actually releasing) sensitive data, and there's no reason to assume this attack is any different. If, as is currently believed, Log4Shell isn't involved, then there's no telling how long Kronos Private Cloud could have been compromised.
"It's likely the attacker had been targeting Kronos for some time prior to the detonation of the ransomware," Mellen said. Until we know when and how the initial penetration occurred, Kronos Private Cloud customers should assume they may have had sensitive data stolen and react accordingly.
How Kronos Private Cloud customers can recover
UKG itself has admitted that it is in uncharted waters, and it's telling customers to "evaluate and implement alternative business continuity protocols related to the affected UKG solutions."
As TechRepublic parent company TechnologyAdvice's Tamara Scott writes, businesses will need, at a minimum, "a human resources information system to gather addresses, banking and contact information; a time tracking and scheduling software to recreate schedules; and a payroll system to get their employees paid."
Thankfully, HR software is as plentiful and varied as the companies that need it. Don't wait or resort to doing things on paper — the quickest way back to business is going to be moving on, and quickly. You can evaluate what you want to do afterward once things have calmed down.
UKG has also been good about updating its outage status page with regular news, so be sure you stay tuned for the latest updates.