The Kronos ransomware attack could leave employers without payroll service for weeks. Here's what employees should know.
- Kronos Private Cloud was the target of a ransomware attack earlier this week.
- The attack impacted several Kronos services, including workforce management tools like time cards and payroll.
Kronos Private Cloud — a workforce management service owned by the technology company Ultimate Kronos Group (UKG) — was the target of a ransomware attack that employers say is impacting their payroll services.
Since the cybersecurity incident arose on Saturday, employers are reporting an inability to access several of the product's core services, including UKG Workforce Central, which aids employers with time cards, attendance, and scheduling. Many local city governments and large companies like Whole Foods, Staples, Puma, and Tesla rely on ghe Kronos Private Cloud to track their employees' hours and payroll information
According to a UKG spokesperson, the company is "working diligently to restore the affected services," adding that it recognizes the "severity of the issue and has mobilized all available resources" to support its customers.
"We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts," the UKG spokesperson told Insider.
UKG Executive Vice President Bob Hughes wrote in a statement on the company's customer forum that it could take several weeks to restore the system and encouraged its clients to use alternatives for workforce management while the cloud is down.
Under the Fair Labor Standards Act, employers are required to track the hours worked by its employees using any method of timekeeping. In the case of a technical issue, employers can opt to switch to paper time cards to manually track their time or use another electronic timekeeping method.
Those experiencing difficulties with payroll may also choose to temporarily switch to paper paychecks instead of direct deposits or else issue baseline paychecks to their employees for hours worked and correct any differences in pay later.
Still, several concerned employees who use the Kronos Private Cloud have taken to social media platforms like Reddit and Twitter to voice concerns over the ransomware attack and their affected payroll information.
Some Redditors expressed concern that personal data points like date of name, birth, phone number, and email address were compromised in the attack, while others on Twitter said they are worried their paychecks won't come before the Christmas holiday.
The City of Cleveland, Ohio warned employees that the last four digits of their social security number could potentially be at risk, according to a statement released by the city on Monday.
"UKG has informed the City and its other clients they are working to assess and resolve the situation as quickly as possible," the City of Cleveland said on its website. "In the meantime, the City will continue timely payroll processing and ensure employees receive their pay without interruption."
Additionally, employers including the City of Springfield, Massachusetts, University of Utah, and George Washington University have reported they were affected by the outage.
As of Wednesday afternoon, it is unclear if the ransomware attack is related to vulnerabilities found within Log4j, a software that is frequently used with Java. The Log4j flaw allows a remote hacker to take over a device or system running the software, according to NPR. With this remote access, the hacker can then install crypto miners or steal private data.
UKG said it was aware of the Log4j vulnerability and had preventative controls in place to detect attempts at exploiting its system, according to the company's website.
However, because Java is one of the most popular programming languages in the world, cybersecurity experts have warned that the effects of the flaw could be widespread.