Wednesday, April 29, 2026

Kronos ransomware attack could cause weeks of HR solutions downtime


Workforce management solutions provider Kronos has suffered a ransomware attack that is likely to disrupt many of its cloud-based solutions for weeks.

Kronos is a workforce management and human resources provider that offers cloud-based solutions for managing timekeeping, payroll, employee benefits, analytics, and more. In 2020, Kronos merged with Ultimate Software to create a new company named UKG.

Kronos’ software is used by many companies, including automotive manufacturers, educational institutions, and local governments. Some of the customers using Kronos include Tesla, Temple University, Community Bank, and the San Francisco Municipal Transit Authority.

Kronos hit by a weekend ransomware attack

Today, Kronos disclosed that the UKG solutions using the ‘Kronos Private Cloud’ are unavailable due to a weekend ransomware attack on December 11th.

“As we beforehand communicated, late on Saturday, December 11, 2021, we grew to become conscious of bizarre exercise impacting UKG solutions using Kronos Private Cloud,” disclosed Bob Hughes, Executive Vice President for UKG.

“We took speedy motion to research and mitigate the difficulty, and have decided that this can be a ransomware incident affecting the Kronos Private Cloud—the portion of our enterprise where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.”

UKG solutions that are not using the Kronos Private Cloud are unaffected, including UKG Pro, UKG Ready, and UKG Dimensions.

UKG describes Kronos Private Cloud (KPC) as a secure storage and server facility hosted at third-party data centers. This infrastructure is used to host their Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC), and FMSI environments.

“Kronos presents a hosting environment constructed upon a safe infrastructure, which undergoes examinations from an unbiased auditor in accordance with the AICPA’s SSAE18 (i.e., SOC 1) and the American Institute of Certified Public Accountants’ TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3),” reads the description of the Kronos Private Cloud infrastructure.

According to Kronos, KPC is secured using firewalls, multi-factor authentication, and encrypted transmissions to prevent unauthorized access to their systems.

Unfortunately, the threat actors were able to breach these systems and likely encrypted servers as part of the attack.

Because of this, Kronos says their KPC solutions are not available and it will likely take a number of weeks before systems become available again. During this time, they suggest customers “consider and implement various business continuity protocols related to the affected UKG solutions.”

While not much else is known about the attack, this disruption of services comes at a terrible time for customers getting ready for holiday vacations, bonus payments, and a limited workforce.

An affected customer has told BleepingComputer that they may now have to return to using spreadsheets and paper and pencil to cut checks and track timekeeping in the meantime.

BleepingComputer has reached out to UKG with further questions and will update the article when we receive a response.
