The Kronos workforce management system has had its cloud-based systems knocked offline due to a ransomware incident. According to the company, systems could potentially be offline for over a week and the incident is not related to the Log4Shell vulnerability. Kronos offers a range of solutions for employee scheduling, compensation management, payroll and hours worked, benefits administration, time-off management, talent acquisition, onboarding, and more. It is used by some of the biggest companies in the world, along with various government organizations. The on-premises offering from Kronos remains unaffected, but anyone using the cloud-based offering has no access. Kronos issued a statement informing customers that they do not have an estimated restoration time and to look for alternative solutions while they attempt to fix the issue.
Ransomware actors often take advantage of organizations being short-staffed or closed around the holidays. In this incident, the scale of the attack is not yet known and many companies have begun blocking access to and from Kronos until they have a better handle on what they are dealing with internally. Anytime a third-party is used within an organization for a service, it is an added security risk. In general, whenever a third-party is being evaluated for use, their security processes should be taken into consideration, along with their incident response plan, so all parties involved will know how they will be impacted or protected.