
Human resources management group hit by ransomware attack

Ultimate Kronos Group (UKG), a provider of human resources management, was hit by a ransomware attack earlier this week, the company confirmed.

Kronos executive vice president Bob Hughes confirmed the incident in a blog post published Monday. Hughes noted that the company became aware of the breach on December 11 and that it impacted Kronos’ private cloud, which includes UKG Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions.

Hughes warned that while the company worked to resolve the incident, it could impact Kronos Private Cloud systems for “several weeks.”

The attack could have a widespread impact on several large companies, with UKG customers including Tesla, Marriott, Yamaha, Samsung, Revlon, The Container Store and Peet’s Coffee and Tea.

“We deeply regret the impact this has on you, and we continue to take all appropriate steps to remedy the situation,” Hughes wrote. “We recognize the seriousness of this issue and will provide another update within the next 24 hours.”

Hughes wrote that Kronos was working with cybersecurity experts and informed authorities of the breach.

The incident comes as businesses around the world work to respond to and fix a vulnerability in the Apache log4j logging package, which top experts describe as one of the worst vulnerabilities they have seen because log4j is a fundamental ingredient in business systems around the world. Malicious hackers, including nation states, have been actively trying to exploit the vulnerability since it was discovered late last week.

While it was not immediately clear whether the ransomware attack on Kronos was related to the log4j vulnerability, the company posted a notice on its website stating that it is “aware” of the issue and is monitoring its systems and its third-party software supply chain for any indication of compromise.

Ransomware attacks are an increasingly serious thorn in the side of security professionals and have particularly increased during the COVID-19 pandemic, with hospitals, healthcare groups and schools among the targets of hackers. Major attacks on Colonial Pipeline, meat producer JBS USA and IT company Kaseya have also highlighted the threats to national security posed by the ongoing attacks.