Can't clock in today? Kronos Cloud is down for a while.

Got to work today, went to log into Kronos to clock in, and nothing... Turns out Kronos' Private Cloud has been hit with a ransomware attack. They say it could take days or weeks until they are back up. Perhaps this was not something to move to (someone else's computer) the "cloud". Pop some popcorn, this is going to be "interesting".

From Kronos management:

“We are reaching out to inform you of a cyber security incident that has disrupted the Kronos Private Cloud.

As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.  

We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.

While we are working diligently, our Kronos Private Cloud solutions are currently unavailable. Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions. Support is available via our UKG Kronos Community and via our UKG Customer Support Team to provide input on your business continuity plans.

We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognize the seriousness of this issue and will provide another update within the next 24 hours.

Thank you for your support and partnership. 

Bob Hughes, Executive Vice President”

Oh... Boy... I think that company is in some serious trouble. There's no "oops" plan for Kronos being unavailable, which is used by LOTS of companies to track their time, vacation requests, payroll, etc. Especially with all the people that are planning to take holiday time in the next few days. A total nightmare scenario.

Sounds like the root cause is the Log4j vulnerability. Shoulda used .NET instead of Java! :)

1/11/2022 5:09:40 PM