Kronos Still Dragging Itself Back From Ransomware Hell | Threatpost

Remember when Kronos, the workforce-management workhorse, got whacked by ransomware in December, right in time to gum up end-of-year HR busywork such as bonuses and vacation tracking?

Could take days to crawl back, Ultimate Kronos Group (UKG) said at the time. Or, then again, could take up to several weeks, it said in a subsequent update.

It turns out that dragging its Kronos Private Cloud (KPC) systems back has taken nearly two months. As of Jan. 22, it wasn’t yet done dragging them back, but aggrieved customers had started the process of dragging the company into court as scheduling and payroll were disrupted at thousands of employers, including hospitals, many of which have been forced to log hours manually.

As NPR reported on Jan. 15, some 8 million people experienced “administrative chaos” following the attack, including tens of thousands of public transit workers in the New York City metro area, public service workers in Cleveland, employees of FedEx and Whole Foods, and “medical workers across the country who were already dealing with an omicron surge that has filled hospitals and exacerbated worker shortages.”

Furious and Filing Suits

As far as UKG’s gratitude for customers’ patience goes, it might be a little aspirational.

Customers were already seething over the company’s lack of communication as the weekend unwound following the Saturday, Dec. 11 discovery of the attack. They complained about poor communication, a lack of information about whether their data was still out there somewhere, that the company’s portal and support site had gone AWOL right in the thick of things, and that the “weeks” or “delays” to restore systems were insupportable.

Kronos customers’ complaints. Source: Kronos Community Forum.

The subsequent lawsuits include a class action filed by New York transit workers claiming that the Metropolitan Transportation Authority has “failed to pay certain employees any overtime wages since their payroll administrator was crippled by a December 2021 data breach.”

Workers at Tesla and PepsiCo have also brought separate lawsuits over the UKG payroll outage, claiming that they received inaccurate pay during the outage.

As well, at the end of December, West Virginia’s state auditor, J.B. McCuskey, promised that “we’re going to hold Kronos accountable” for what he called the “real pain in the rear end” of having to manually input information for more than 37,000 state employees before they got their first paychecks of 2022.

UKG didn’t immediately respond to Threatpost’s inquiries regarding when it expects all of its systems to be restored.
