Cyberattack on Kronos payroll triggers backup plans
Some users of Kronos payroll say they have backup and contingency plans ready to deal with the ransomware attack on the HR system's firm.
The payroll must still get out. That's the upshot of the response to the cyberattack on Kronos, which is disrupting its cloud-based systems.
Users are deploying contingency plans but may also be wondering whether Kronos payroll has a "plan B" for this type of incident.
In a blog post Monday, Kronos stated a ransomware cyberattack disrupted its private cloud. The incident came to light late Saturday.
In an update early this morning, Kronos stated that restoring full service may take some time.
"Due to the nature of the incident, it may take up to several weeks to fully restore system availability," the firm said in a message to customers. "While UKG has dedicated extensive resources to resolving this issue and supporting our impacted customers, we do not have an estimated time of resolution. As a result, UKG continues to strongly recommend our customers work with their leadership to activate their business continuity plans."
The firm added that, "Our investigation is ongoing, and we are working diligently to determine whether customer data has been compromised. We will keep you updated as new information becomes available."
The company said there's no indication that that attack is related to the Log4j vulnerability in an Apache framework for Java, but they are investigating whether or not there is a relationship.
UKG said it does have redundant systems and disaster recovery protocols "but due to the malicious nature of this incident, we are determining the best approach to safely and securely handle restoration of the affected services."
The firm has notified the authorities.
Backup plans set into motion
Kronos, founded in 1977, is an HR systems provider widely known for its payroll and time management systems. It merged with Ultimate Software in 2020, and the combined company was renamed UKG.
Government agencies that rely on Kronos payroll systems have initiated backup plans to make sure people get paid before the holidays.
In a statement, the city of Springfield, Mass., stated that "contingency plans for recording employee schedules and hours will be implemented to mitigate the potential adverse effects this incident might cause, and to make sure that employees will continue to receive their regular scheduled pay."
The city of Cleveland released a statement saying, "the city will continue timely payroll processing and ensure employees receive their pay without interruption."
Kronos was attacked. We use it for timekeeping. Everyone wanted to have meetings and phone calls but pay day is Friday. We don't have time for it. I did union payrolls on a typewriter with a Circular E back in the 80's. I'm the only one not panicking. Time to go Old School!— 5GenTexan! Republic of Texas! (@5gentexan) December 14, 2021
Potential disruptions to pay
But it might not be easy. Responding to the firm's blog post about the cyberattack, one anonymous customer on a Kronos user forum wrote about using manual timesheets. "But, since we can't log into Kronos at all, how are we to calculate net pay? We have over 2,000 employees to pay this Friday."
Another person on the Kronos user forum described the ransomware attack as "a big miss" for UKG. The customer added: "It would have been nice to hear about this directly from UKG instead of hearing from other sources. It would allow us, the customer, to be proactive in being able to answer internal leadership and internal IT questions regarding the ransomware. Internal leadership and I were getting outside vendor calls from other payroll companies asking if we needed them to run our payroll for us."
In a blog post Monday, by Bob Hughes, executive vice president at UKG, didn't provide a time frame for restoration.
"We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation," Hughes wrote.
Ransomware attacks can be disruptive. An attack on the city of Atlanta in 2018 infected nearly 4,000 of the city's computers, encrypting files in each computer and displaying a ransom note.
Patrick Thibodeau covers HCM and ERP technologies for TechTarget. He's worked for more than two decades as an enterprise IT reporter.