back to article Timekeeping biz Kronos hit by ransomware and warns customers to engage biz continuity plans

Kronos Private Cloud has been hit by a ransomware attack. The company, also known as Ultimate Kronos Group (UKG), provides timekeeping services to companies employing millions of people across the world. Emails sent by Kronos to its corporate customers, seen by The Register, confirm the firm has pulled its private cloud …

  1. Jellied Eel Silver badge

    Time Lords

    Hope they resolve it quickly. First encountered them when we had them in for a sync audit, and learned quite a lot about how to clock a network properly. Still my go-to consultants for network timing stuff.

    1. tip pc Silver badge

      Re: Time Lords

      maybe its not the same Kronos you remember as these guys appear to be into people time management, like clock in clock out & contact centre shift pattern type stuff.

      I'm not so sure they do anything with network timing, not sure anyone does anything with network timing in this day and age.

      1. Jellied Eel Silver badge

        Re: Time Lords

        Yup, my bad. Was thinking of Chronos (.uk). They're still going, and still very much clock rather than clock-watching focused. And still very relevant for networks. But now I'm also wondering if Kronos use Chronos for timing, and cloud-based time. NTP works ok most of the time, but not always.

        1. Corporate Scum

          Khronos with a K

          You know, the Greek titan type that's prone to eating their own young.

          "K" Khronos (the company, which is definitely not a titan) is one of those vile leviathan dinosaurs that persists despite pursuing a decades long business strategy of maximizing pain for the end user. No surprise then to see them faceplant in the face of ransomware. While I pity the responders at the coal face, this is the byproduct of a entrenched culture that set the height of the bar at "just barely good enough run". I literally remember my dad complaining about them back in the paper puchcard days when it was probably running on an AS/400 mainframe. Those complaints continued until he retired decades later.

          I'm sure there is some Khronos exec that smugly though that "It's your responsibility to ensure continuity of business planning for our services" was a great way to justify cutting corners. If it were my outfit (thank god it's not) I'd be engaging the "switch to a new payroll provider" paragraph of that plan. Then again, if I had any sway over the payroll department, we wouldn't have been using either Khronos or our current provider. So my probably undeserved paycheck this month will arrive because of luck and the fact our back office aren't masochistic to inflict Khronos payroll on themselves.

  2. Forget It

    Time will say nothing but I told you so,

    Time only knows the price we have to pay;

    If I could tell you I would let you know.

    More lines here:

  3. Brewster's Angle Grinder Silver badge

    Isn't the business case for outsourcing to hand the work to experts who'll manage the system properly rather than succumb to this kind of attack?

    (I'll let them off if they've succumbed to a zero day. But not if it's a misconfiguration, unapplied patch, or other avoidable snafu.)

    1. Version 1.0 Silver badge

      If you are connected to the Internet then you are vulnerable ...

      ... and even more vulnerable if you think that you are safe and don't have to worry about a cyber-attack because you have done everything that would have stopped yesterdays attacks. Malware deliveries are updated far more often than system patches.

    2. Anonymous Coward
      Anonymous Coward

      It's not getting tagged with ransomeware thats the faceplant.

      It's the potentially weeks long recovery window.

      If you claim to be a cloud company, you should be able to restore services in less than 48 hours, even if your entire company burned to the ground after repeatedly being struck by lightning.

      Clearly, their backup systems either got hit, or weren't suitable for purpose.

      1. yoganmahew

        Re: It's not getting tagged with ransomeware thats the faceplant.

        Absolutely, this "activate you business continuity plan" from a cloud vendor is some high-grade BS. Kronos Cloud is supposed to be a business continuity plan. If you have to manage your own data yourself, back it up, have hardware on standby to run the workloads in-house, have an alternate system, what's the point in outsourcing?

        Oh and Kronos time management sucks the big wind... truly awful.

  4. Mike 137 Silver badge

    One of the joys of cloud

    When it goes bad, everyone suffers, everywhere. At least on prem disasters are locally contained.

    1. Brewster's Angle Grinder Silver badge

      We need a lemmings icon. The game; not the rodent.

      Is that a feature? Your competitors are likely in the same boat, and you can point out to customers that this is a newsworthy outage in which you are the victim. Whereas, when it's just your IT that dies...

  5. Anonymous Coward
    Anonymous Coward

    As the masters said

    “You are young and life is long and there is time to kill today”

  6. Anonymous Coward
    Anonymous Coward

    Being grumpy

    You know, I really hate companies that use the term "We are reaching out to inform".

    Enough with all the touchy feely, I wanna be your friend bull shit.

    Does anybody get taken in by this?

    What's wrong with "We are contacting you", "We are emailing you".

    Stop reaching out to me, we know you are full of shit and in it for the money. Have some respect for yourself and us and stop trying to reach out and touch me up, perf.

    1. Anonymous Coward
      Anonymous Coward

      Re: Being grumpy

      Perhaps they could double down and try “It is with a heavy heart we are reaching out to you today….”

      1. Anonymous Coward
        Anonymous Coward

        Re: Being grumpy

        "Thoughts and prayers"

    2. Mike 125

      Re: Being grumpy

      To generalise: having been completely and utterly incompetent, and entirely unable and unwilling to even try to solve my obvious problem, they end with:

      "Is there anything else I can help you with today?"

      Anything 'else'?? ELSE?????????? So.... what... are you more concerned about other problems, (possibly as yet unknown) I may have, than this one, which I've just spent 10 minutes explaining? Are you saying my 1 problem isn't enough for you?

      "Is there anything more I can help you with today?"

      Anything 'more'?? MORE??????????

      At which point, security is called.

  7. Mrs Spartacus

    Bah humbug !

    That's the first thing that irritated me too. Bullshit business-speak always rattles my cage.

    Then I came across the standard filler that really set me off - "We took immediate action to investigate and mitigate the issue.." Really? No excrement, Sherlock. As if stating the blindingly obvious will show how clever they are. God, I hate filler guff.

    They might just as well have added " our staff took a long and fruitful dump, washed their hands with soap and water, ate a nutritious breakfast and had a shower before arriving at the office."

    Nurse? Nurse? My laudanum, and be quick.

  8. hoola Silver badge


    Perhaps, just perhaps this should start to wake people up to the fact that having everything "online", "Internet accessible" and in various bits of Cloud is not such a good idea. Whilst some of the ransomware is activated internally a significant number of these attacks appear to have been initiated through some sort of external vulnerability or failing.

    Nobody will because people just don't believe it will happen to them.

    These events will continue to happen until something so big is zapped we have a crisis that hits global stock markets or politics. Only then will people take note, it is just like all the posturing about climate change.

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps

      Nah, as long as there's money to be made from suckers, there's gonna be shysters out there trying to extract it from them. Since Microsoft can't stop fucking with their software for more than 27 seconds, the hackers are always going to have freshly-plowed ground in which to look for new vulnerabilities. Then add in the occasional security blip from FOSS that looks small but turns out to be massive, and it's a wonder we still keep our computers inter-networked together and don't just smash them all with hammers and go back to adding machines.

  9. Pirate Dave Silver badge

    We used Kronos for employee timekeeping up until this past April when we moved to ADP. The big driver for us was that Kronos' time-clocks could talk directly to our AS/400. But we switched the backend and time-clocks over to ADP's "cloud" this past Spring, and my total involvement was putting two screws in the wall and plugging the clocks into the network jack. I wonder how vulnerable ADP is....

  10. Anonymous Coward
    Anonymous Coward

    It's the new...

    It's obviously the fault of omicrom as there's going to be some more newspaper headlines tomorrow.

    Boris will make a special announcement tonight stating that all computers must get vaccinated and wear masks....

    Well, it's about as sensible and useful as any other fecking idea he's come up with.

  11. disgruntled yank Silver badge

    Over Here as well

    According to this morning's Washington Post, the Kronos attack has affected Prince Georges County, Maryland (the county bordering the District of Columbia on the east). The Post says that this affects timekeeping but not payroll, and that timekeeping for now is "manual", which is suppose could mean paper-and-pen or Excel.

  12. Anonymous Coward
    Anonymous Coward

    Don't forget that when you utilise a cloud service like Kronos, you also often deploy ADFS or LDAP so when the cloud service is compromised, the infected systems have a direct route to your authentication services. There are certain protections that can be put in place but fundamentally, you're providing a direct link from Kronos to your AD user auth so don't forget to block all access to/from Kronos in your network until they have this resolved.

  13. Anonymous Coward
    Anonymous Coward

    January the 10th - still FUBAR. Employees being asked what days they worked for payroll. Oh dear me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like