With Christmas just a few days away, Americans are awaiting their paychecks to spend big for the celebration. However, many of them might not have received their wages on Dec. 17, the final payday prior to Christmas for those who are paid weekly and biweekly. The reason was attributed to a major workforce management firm that recently got hit with a ransomware attack which disrupted payroll systems of several companies depending on its service.
Ultimate Kronos Group (UKG), the firm which suffered the attack, announced that some of its programs that rely on cloud services will not be available for “several weeks.” Companies depend on these online services to manage the hours of their employees, schedule shifts, and pay salaries.
“We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts… We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,” a Kronos spokesperson told CNN.
Kronos has not yet named the ransomware group that has carried out the attack or whether the firm plans to pay the hackers, how much money was demanded, and so on. A number of high-profile companies have been affected by the Kronos hack, including Honda, GameStop, Whole Foods, Tesla, MGM Resorts, etc. In addition, government agencies like the city of Cleveland, the state of West Virginia, Metropolitan Transportation Authority (MTA) of New York, etc. are among those affected.
While some employers are now issuing paper checks to their workers, some are unable to access payroll systems. In an interview with NBC News, John Riggi, the senior advisor for cybersecurity at the American Hospital Association, stated that several hospitals have had to create contingency plans to track the hours of their employees and pay them.
“Quite frankly, this could not have happened at a worse time. We’ve had a surge in Covid patients, flu patients… It’s a distraction to hospital administrators at a time when they don’t need any additional burden or diversion of resources…. Here we have all the sacrifices and hardships that our frontline heroes have been enduring right now to care for our patients. The last thing they should have to worry about, especially during the holiday season, is getting paid,” Riggi said.
It is not yet clear how attackers were able to hack into Kronos’ network. Some are speculating that the ransomware attack might be related to a recently publicized vulnerability in a piece of software called Log4j that is often used in Java programs.
The software allows hackers to take control of any device that runs it. As Java is one of the most widely used programming languages, the vulnerability of Log4j could affect systems worldwide. However, some security experts dismiss any links between the recent attack and Log4j.
“It is likely the attacker had been in Kronos for weeks launching the attack before Log4J was reported. That doesn’t mean the two aren’t connected. But the best evidence right now says otherwise,” Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said to NPR.
In addition to disrupting employee management, the ransomware attack has also reportedly compromised the personal information of thousands of workers. Some companies have notified employees that highly sensitive personal data like Social Security Numbers remain protected. But the City of Cleveland has warned that the last four digits of its workers could have been accessed by the attackers.