06.21.2022
Kronos Workforce Ransomware Attack Leaves Millions Exposed
The Kronos Ransomware Attack Fallout
Ultimate Kronos Group (UKG), a leading provider of workforce management software, whose HR management solutions are used by a who’s who of corporations and organizations, experienced a ransomware attack last December. Their customers include the city of Cleveland, New York’s Metropolitan Transportation Authority (MTA), Tesla, and MGM Resorts International. UKG also works with many healthcare extensions across the United States.
Kronos Private Cloud Hack Impacted Public Entities

In December 2021, Kronos revealed that it had been the victim of a ransomware attack, leading to its customers’ payroll systems being taken down and employee data compromised.
So, its customers turned on Kronos.
Some of its customers had to resort to contingency arrangements to pay their staff, such as going back to paper checks. Millions of employees were left in administrative limbo, unable to access payroll systems due to the outages.
The ransomware attack targeted Kronos Private Cloud solutions, a data storage site for several of the firm’s services, including UKG Workforce Central, which employees utilize to track hours and manage shifts.
“We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,” a spokesperson said in a statement issued to NPR.
Legal Woes
A massive class-action lawsuit was filed against the company in early January, alleging that Kronos failed to adequately secure its systems and protect customer data in the Kronos Private Cloud.
The lawsuit seeks damages for Kronos customers who had to rely on paper checks and manual processes to pay their employees due to the attack.
Employees of Puma who had their personal identifying information, such as social security numbers, stolen are among those filing lawsuits. And other customers like Tesla, PepsiCo, and transit workers in New York City are also suing the company over their mishandling of the attack and negligence in securing customer data.
It is not yet known who was behind the attack or how much Kronos paid in ransom, but the fallout from the attack continues to mount for the firm, with more lawsuits sure to follow.
It is also unclear how much Kronos will have to pay out in damages, but the company’s reputation has certainly been tarnished.
Kronos’ very business model is now being questioned.
Kronos’ Business Continuity Plans Were Insufficient
Kronos might have been able to avoid this PR nightmare if it had heeded the warnings of its customers and taken steps to secure its systems.
The Kronos attack was a wake-up call for many organizations like Puma, Tesla, and the NFL, who had come to rely on Kronos for their payroll needs. It has led some to question whether Kronos is really the best solution for them.
After all, if Kronos can’t keep its systems secure, how can its customers be confident that their data will be safe?
And when you understand that entire council municipalities rely on Kronos to keep their data safe, the Kronos attack becomes even more worrying.

The Kronos Ransomware Attack Was a Real Eye-Opener
It showed that no organization is safe from cyberattacks, no matter how big or small.
It also showed that Kronos is not the invincible god of time it once seemed to be.
Kronos started life as a manufacturer of time clocks and time-keeping software. But in recent years, it has become much more than that. Kronos now provides payroll and HR solutions to some of the biggest organizations in the world.
So when Kronos was hit by ransomware from an as-yet undeclared source, it sent shockwaves through the business world.
As the IT worker from the Tacoma Fire Department put it out there for everyone to read on Twitter: how can a company the size of Kronos not have adequate disaster recovery in place?
Disaster Recovery Plans Offset the Threat of Cyber Attacks

Disaster recovery plans are vital for any organization, no matter how big or small. But it seems that Kronos did not have a plan for this data breach.
It is still unclear exactly how much data was stolen and what the hackers now have access to.
What is clear is that Kronos failed to protect its customer data and employee data. And that is a huge problem.
The data breach at Kronos is a reminder that no organization is safe from cyberattacks. It also highlights the importance of having a robust disaster recovery plan in place.
While Kronos’ system availability has now been restored, albeit, with certain supplementary customer applications still in the process of coming back online, the question remains: can Kronos really be trusted with customer data?
Data is the lifeblood of any organization. And when that data falls into the wrong hands, it can have devastating consequences.
Real Costs of a Cyber Attack
The cost of cyber assaults has climbed to an estimated $3.6 million per incident, according to the World Economic Forum (WEF) Global Cybersecurity Outlook 2022 report. The survey also revealed that it takes on average 280 days to detect fraud and respond to an attack.
Not only are huge sums of money likely to be paid out in ransom and legal costs, but such a data breach can cause irreparable damage to an organization’s reputation.
To safeguard against this type of ransomware incident, what is needed is a reliable data backup solution that can be quickly accessed and used to restore data in the event of an attack.
But the Kronos private cloud did not have that in place. And as a result, its customers are now paying the price.
Ransomware Attacks on the Rise

In the wake of the Kronos attack, it is clear that data security is now more important than ever before. Organizations must take steps to ensure that their data is safe and secure, or they risk facing serious consequences.
To restore system availability in the face of a malware attack, companies need a reliable data backup solution. As part of a rigorous disaster recovery plan, cloud migration affords organizations the best possible chance of withstanding such an attack and emerging unscathed.
Learning From Kronos’ Mistakes

Data security is of paramount importance in the modern world. And Kronos, unfortunately, has shown that it is not immune to the dangers that exist from threat actors.
For companies like Kronos, the only way to restore customer confidence is to take steps to ensure that their data is safe and secure. And that starts with having a robust disaster recovery plan in place.
Otherwise, the consequences can be catastrophic. Let Kronos be a reminder of that.
Business leaders should learn from Kronos’ mistakes and ensure that their organization is prepared for anything.
Because in the modern world of business and data security, it’s not a matter of if a cyber attack will happen, but when.
Start a conversation with Parsec Labs
Parsec Labs products are delivered as an integrated appliance, optimizing hardware and software for maximum performance and throughput.