The ripple effect of ransomware attacks: Kronos in chaos with millions affected

Date published: 26 Jan 2022

There is a misconception that organizations that regularly backup their systems are immune from severe damage in the event of a cyberattack.

Research into the impact on employees of these incidents has shown that 77% report being temporarily unable to gain access to the networks or systems they need. A quarter of surveyed respondents were unable to fulfill their full duties for at least one week.

Last month’s ransomware attack on the tech giant Ultimate Kronos Group (UKG) and their Kronos software perfectly illustrates the damaging knock-on effect of ransomware.

On December 11 last year an incident was first detected. The attack knocked out the Kronos Private Cloud, a workforce management software that is used by multinational organizations across the world to manage timesheets, schedules, and payroll. While still unconfirmed, it is possible that bad actors could have taken advantage of the Log4j vulnerability to launch their attack.

The incident came at a critical time with the final payday before Christmas just six days away for many in the American workforce.

Major organizations including Whole Foods, Honda and GameStop risked delays in paying workers on time. Many were forced to take measures such as paper timesheets and handwritten schedules to keep operations going.

The total number of impacted employees is thought to be as high as eight million. The healthcare sector was also impacted. With one of the largest hospital chains in the United States, Ascension, reliant on Kronos for its scheduling and payroll.

The need for contingency measures has put an additional burden on administrators who are already facing challenges caused by the Covid-19 pandemic. Public sector employers face similar issues, with fire departments, police departments, and libraries also having to make do without cloud-based timecards.

Over in the United Kingdom, supermarket giant Sainsburys also uses the Kronos software. They were reported to have lost one week’s worth of data on their 150,000 UK-based employees. The company had to rely on historical data in order to ensure workers received their Christmas pay.

Problems caused by the breach have persisted into the new year. Customers have been warned that the Kronos system might not be fully back online until the end of January.

Even when the issue is resolved, employers will have the mammoth task of uploading the records that they have been keeping manually into the system. Delays in up-to-date tax information as a result will also cause widespread disruption.

The legal ramifications and reputational damage of the ransomware attack are now being realized for Kronos. In the Southern District of Florida, a class action lawsuit has been filed. The suit claims that $5 million dollars of damage has been caused by the organization’s failure to protect personal identifiable information.

What can be done to prevent and minimize the impact of ransomware attacks like this?

Alongside investment in anti-malware and anti-virus software, organizations should carry out an investigation into what information could be compromised if attackers are able to breach their network defenses. Network segmentation is recommended for minimizing the chances of lateral movement within the network during an attack.

Configuration auditing for network devices is also essential for maintaining a resilient network. Making use of assessment tools like Titania Nipper will enable you to identify vulnerabilities in firewalls, switches and routers and ensure firewall rules are not too permissive.

You can start your audit by requesting a free trial of the Nipper software, which provides remediation advice and technical fixes for any misconfigurations found.

SHARE

Related Media

Jun 16

Telcos - Under the cyber security spotlight

Read more

Apr 08

PCI DSS V4.0 release - move to security as a continuous process

Read more

Feb 11

Network segmentation is key to improving data security

Read more

Jan 12

Apache Log4j vulnerability: Attack levels remain high in the new year

Read more

In Association With