Ransomware Attack Strikes HR Company Kronos — Rumors of Log4Shell

The HR management provider, Kronos (UKG Inc.), has been hit by a large ransomware attack, knocking its services offline. The company have stated that the ransomware attack will mean its services being unavailable for “several weeks.” In an unprecedented move, they have even advised that clients should look elsewhere for ways to facilitate payroll and HR-related activities.

Notable Kronos clients include Tesla, Marriott International., Puma, Yamaha Corp., YMCA, Samsung, and Sony — plus universities and hospitals. The attack specifically targeted the Kronos Private Cloud, knocking offline “UKG Workforce Central”, “Healthcare Extensions”, and “Banking Scheduling Solutions”.

“At this time, we still do not have an estimated restoration time,” UKG said in a community post, while advising that “impacted customers evaluate alternative plans to process time and attendance data for payroll processing, to manage schedules and to manage other related operations important to their organization.”


Kronos have not identified or revealed the type of ransomware involved in the attack. Nonetheless, coming amidst the panicked chaos of Log4Shell in recent days, cybersecurity experts have been theorizing that the Kronos attack is related to the Log4shell bug.

Ars Technica noted that Kronos’s cloud services rely heavily on Java, the software framework from which the Log4Shell bug originates. The bug (first seen on Minecraft) allows hackers to run virtually any code in order to take over a server or computer. 

Experts are urging companies to patch up immediately — the problem being “That could take hours, days or even months depending on the organization,” said Jon Clay, vice president of threat intelligence at Trend Micro.

Ultimately, Kronos could simply be the first of many victim companies to come. Paul Ducklin, principal research scientist at Sophoswarns that there are a “staggering number of different ways that the Log4Shell ‘trigger text’ can be encoded […] the wide variety of servers and services that could be affected are collectively conspiring against all of us.”

Protection and Prevention


For now, other than ensure they have up-to-date cybersecurity protection installed on their devices, there is an alternative for the average users.

With the ever-present threat of data leaks and breaches, it’s never been more important to ensure your data is protected. The cybersecurity company, Trend Micro, have recently released an app specifically designed to meet the challenges that data leaks bring.

Available on Android and iOS, ID Security scours the dark web for any mention of your data (email address, passwords, codes etc.) in the event of it being sold or maliciously shared by cybercriminals. Its key features include:

  • Dark Web Personal Data Manager
  • Credit Card Checker
  • Email Checker
  • Password Checker
  • Social Media Account Checker
  • A Comprehensive Monitoring Report

Simple, efficient, and easy-to-use, follow this link or scan the QR code below to try the free 30-day trial version today!


As ever, if this article’s been of use and/or interest to you, please do SHARE with friends and family to help keep the online community informed and protected.