How Should Businesses Respond to the Kronos Ransomware Attack?


Another day. Another ransomware attack. Another reputation management problem. Welcome to the state of cybersecurity. The latest high-profile ransomware attack hit Ultimate Kronos Group (known as Kronos), a human resources company. Kronos software is used by many organizations (including businesses, schools, and governments) to track employees’ hours and to issue paychecks. Kronos disclosed the attack on December 13 after noting unusual activity on the Kronos Private Cloud on December 11. As a result of the attack, Kronos software might be down for weeks. This attack is especially disruptive because it affects 2,000 businesses that rely on Kronos for issuing paychecks. They’re now scrambling to implement contingency plans. Not only is the reputation of Kronos at risk, but so is the reputation of its clients. 

What Happened to Kronos 

According to Kronos, on December 11, the company “became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud — the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.”  

Kronos did not disclose the nature of the ransomware demand.  

Kronos is yet another victim of a ransomware attack, in which a criminal cripples an organization’s data systems until the organization pays a ransom, typically in an untraceable cryptocurrency. SonicWall, a security provider, recently reported that it had logged nearly 500 million attempted ransomware attacks through September 2021. SonicWall expects to record 714 million attempted ransomware attacks by the close of 2021, a 134 percent increase over 2020’s total. 

Unfortunately, ransomware has proven to be a lucrative way for malicious parties to line their pockets with money paid by corporations, schools, and public institutions desperate to free up their information systems after they become hijacked.  

The Kronos incident demonstrates vividly the disruption that can occur with a ransomware attack. It’s bad enough that Kronos is suffering a disruption that will cost the company money and put its reputation at risk. Even worse, clients of Kronos now experience a threat to their reputations with their employees at a particularly vulnerable time with job-hopping surging. Employees are understandably asking employers: 

  • How they’ll be paid in a timely manner with payroll systems disrupted. Employers are scrambling to put in contingencies such as issuing paper checks. 
  • If their personal information has been compromised. And the answer might be, “We don’t know for sure, but your personal data might be at risk” depending on how much employee data an organization has shared with Kronos. The City of Cleveland, a Kronos client, announced on December 13 that as a result of the ransomware breach, employee data might have been compromised. According to the City of Cleveland, “Some of the data accessed may have included some employees’ first and last names, addresses, last four of the SSN, and employee ID.” 

How well companies, governments, and schools affected by the disruption respond depends on factors such as: 

  • Whether they have contingency plans in place for a cyber disruption. 
  • The effectiveness of their communications to employees. Speed and transparency are essential, even if the organization can say nothing more than, “We are still getting facts in front of us and will follow up when we have more to announce.” 

Make no mistake: the attack, about which we still know little, has created a big reputation management problem for the 2,000 organizations that rely on Kronos.

How Organizations Should Respond 

The Kronos ransomware attack underlines the importance of organizations everywhere assessing the risks of these attacks and having a plan in place. 

Everyone on the executive leadership team needs to take ownership of the problem. Ransomware is more than an information technology security problem. It’s a threat to the entire company. The C-suite first needs to make sure they understand how ransomware happens and how the ransomware industry is evolving. Cybercriminals are becoming more sophisticated in their use of schemes such as phishing emails that trick employees into allowing a hacker access to a company’s information security network. Most ransomware attacks are initiated by spam and phishing emails, and many more occur because of poor cyber security training and weak passwords, according to Tech Republic.  

This problem is exacerbated by our increasingly distracted society. Employees working at home or in the office can too easily let their guard down because they are multitasking. This is one reason why the C-suite needs to take ownership of this problem and implement better employee training. It’s important that the C-suite institute a mandatory training program that employees and contractors must take in order to understand the threats and how to guard against them. For instance, all your employees and contractors must understand safeguards such as these: 

  • Never click on unsafe links, and understand how to spot a suspicious link disguised as part of a legitimate email. 
  • Avoid disclosing personal information in response to calls, text messages, or emails from an untrusted source. 
  • Do not open suspicious email attachments, and to make sure the email can be trusted, pay attention to details such as whether the sender’s email address matches the sender’s name. 
  • Never use unknown USB sticks. 
  • Keep programs and operating systems up to date. 
  • Never download software or media files from unknown sites. 
  • Use VPN services on public Wi-Fi networks. Employees may not realize it, but when they use a public Wi-Fi network, their computers are more vulnerable to attacks. This risk increases as more employees work remotely. 
  • In addition, we recommend that you train employees at least annually, because hackers are constantly developing new tools to breach your security. 

Businesses can and should take many more steps besides educating their employees. They can decrease the likelihood of being attacked by taking security precautions of their own (and working with their technology provider accordingly). For instance, your chief information security officer needs to ensure, at a minimum, that your company stays abreast of the latest security updates and patches. For more insight, we recommend reviewing “Ransomware Protection: How to Keep Your Data Safe in 2021,” from Kaspersky. Finally, we cannot stress enough: don’t pay ransoms.  

Bottom line: businesses need to plan for an attack now. Our Cybersecurity and the C-Suite report discusses ransomware in the context of cybercrimes and how businesses can fight them. Download a copy here.   

Contact IDX   

The IDX on-demand hosting platform is built from the ground up with security and data protection by design. Our cyber threat prevention system offers complete DDoS protection and malicious-traffic analysis and prevention, and underpins every website we build. Combined with the atomized modular architecture of the Connect.ID CMS platform, we can deploy beautifully designed, highly performant websites in as little as two weeks from ideation to build. Contact us to learn how we can protect you.