Show Navigation
Conversation
Notices
-
Widely-Used Kronos Payroll Provider Down for "Weeks" Due to Ransomware Attack; Was Log4Shell Involved CPO Magazine
https://nu.federati.net/url/284043
>A major payroll provider used by thousands of businesses in the United States, including government agencies, is reporting that it expects to be down for “weeks” due to a devastating ransomware attack.
>
>Kronos, known to be used by several thousand companies ranging from Tesla to National Public Radio (NPR), had its Private Cloud service go offline on Monday. This element is central to its UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services used to track employee hours and process paychecks. The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures. Kronos did not give a timetable for recovery but said that it expects it to be at least several days, if not weeks, before the services are fully online again.
>
>Though it has not been confirmed, there is speculation that the notorious Log4Shell vulnerability was involved given that the Kronos cloud services are known to be built on Java to a great degree.
>...
- LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} repeated this.
-
Whoa, Nelly!
I've heard of Kronos for years. There are lots of companies (and probably government agencies also) that have to be pooping their Pampers right now.
-
> The company confirmed that it had discovered an ongoing ransomware attack on December 11 and had taken the services hosted in Kronos Private Cloud offline as part of its mitigation measures.
They probably won't clarify (legal liability, etc), but it would be nice to know whether the ransomware attack came from one of their customers' accounts (that is, whether they've got insufficient isolation between customers' data) or a company internal source (that is, whether the entire organization's security posture needs reassessment).
-
Also, was the ransomware already at the "hold your data hostage" stage, or did they discover it during distribution / spreading stage?
GeniusMusing
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864}
All Arkwood Pond Social content and data are available under the