Got to work today, went to log into Kronos to clock in, and nothing... Turns out Kronos' Private Cloud has been hit with a ransomware attack. They say it could take days or weeks until they are back up. Perhaps this was not something to move to (someone else's computer) the "cloud". Pop some popcorn, this is going to be "interesting"
From Kronos management:
“We are reaching out to inform you of a cyber security incident that has disrupted the Kronos Private Cloud.
As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.
We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.
While we are working diligently, our Kronos Private Cloud solutions are currently unavailable. Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions. Support is available via our UKG Kronos Community and via our UKG Customer Support Team to provide input on your business continuity plans.
We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognize the seriousness of this issue and will provide another update within the next 24 hours.
Thank you for your support and partnership.
Bob Hughes Executive Vice President”
Oh... Boy... I think that company is in some serious trouble. There's no "oops" plan for Kronos being unavailable, which is used by LOTS of companies to track their time, vacation requests, payroll, etc. Especially with all the people that are planning to take holiday time in the next few days. A total nightmare scenario.
Sounds like the root cause is the Log4J vulnerability. Shoulda used .NET instead of Java! :)