How the Massive Cyberattack on a Payroll Software Giant Left Millions Unpaid

Ransomware Kronos Attack

One of the world’s biggest payroll software companies, Kronos, has recently been struck by a massive ransomware attack. This data breach left millions of public and private sector customers without paychecks ahead of Christmas, one of the worst times possible to not get paid. Multiple Kronos software platforms used by thousands of clients have been unavailable since December 11, 2021. Kronos also stated that sensitive information may have been compromised in the attack such as employee names, addresses, and the last four digits of social security numbers.

Kronos is obviously the target in this situation, but it goes far beyond the company. It specifically attacks their private cloud service, a space where companies operate their businesses within giant cloud servers.

Who Does This Harm the Most?

Unfortunately, most of the targets in this situation ended up being hospitals. Hospitals are usually targeted with cyberattacks because, historically, they will usually pay out the largest sums of money to the hackers who infected their systems. Healthcare workers and hospitals are at near overwhelmed stages as is, and it is crucial that all of their systems are operational. This is why these hospitals are often willing to do whatever it takes to have systems fully functioning.

Here is how ransomware works in a nutshell… a virus gets stored into your computer system, usually from a shady download file. This file has a virus that stays dormant in your system while it observes the environment it is in. After the ransomware lays dormant in your systems, it attacks the environment it has been observing. Your important data is then encrypted, fully locked, and sent away to a foreign server. A message will usually show up to pay this server an amount of money, typically in bitcoin or another crypto, to unlock the encrypted files. Most companies do not fall into this trap and instead hire professionals and engineers to clean their systems of ransomware. This is unfortunately a very tedious and expensive project that can take months to recover. Cyberwarfare has become more and more of an increasing threat over the recent years and can attack mostly any infrastructure. 

Today, most companies impacted by this ransomware attack are handling payroll by paying their employees the same amount as their last paycheck, or paying an average of their last three paychecks. Other companies went back to doing payroll by the traditional pen and paper method. The largest issue with either method is the distinct possibility of employees not being fairly compensated, paid in a timely fashion, or worst of all…not being paid in general. Employees being inaccurately paid not only impacts their livelihood but also their taxes. Further, this opens employers up to potential lawsuits or to being reported to the Department of Labor for payroll violations. Regardless, companies impacted by the attack are doing their best to still pay their employees.

What Needs To Happen

Solutions need to be completely integrated with the cloud servers in order to identify potential risks and have a deeper understanding of where all compromised data resides. Approaching this solution with visibility and protection can offer data teams the resources they need, and can assist in realizing which data stores are valuable targets, while ensuring proper controls (as well as backup and recovery flows) are in place. Your data is important, do what you can to protect it.

How the Massive Cyberattack on a Payroll Software Giant Left Millions Unpaid