HR software company Kronos has suffered a ransomware attack, and a private cloud restore may take "several weeks," parent business UKG said. So far, it's unclear whether the Kronos ransomware attack is related to the Log4j vulnerability that MSSPs and cybersecurity professionals are scrambling to mitigate worldwide.
Key Kronos customers include Puma, Tesla, YMCA, Waste Management and Temple University. though it's unclear which (if any) of those customers have been impacted.
Confirmed victims of the Kronos outage include the Metropolitan Transportation Authority's MTA timekeeping system in New York, according to The New York Post. The MTA is the North America's largest transportation network, serving 15.1 million people in the 5,000-square-mile area fanning out from New York City through Long Island, southeastern New York State, and Connecticut, the organization indicates.
Kronos is working with "leading cyber security experts to assess and resolve the situation." The HR software company did not mention any MSSPs or incident response companies by name.
Kronos Ransomware Cyberattack Timeline
Here is a timeline recapping the Kronos Private Cloud Ransomware:
Related SC Media Analysis: Cybersecurity experts from KnowBe4, nVisium, Netenrich and StrikeReady shared their views on the Kronos cyberattack here.
Who Are UKG, Kronos and Ultimate Software?
Kronos and Ultimate Software merged to form UKG (Ultimate Kronos Group) in April 2020 to focus on human capital management (HCM) and workforce management software. The combined business had 12,000 employees and roughly $3 billion in annual revenue at the time of the deal.
UKG has offices in Lowell, Massachusetts and Weston, Florida, with dozens of offices around the world.
