A severe ransomware crisis has disrupted the operations of many large companies, and some workers are worried about not getting their last pay before the Christmas holidays. The culmination of all this is the recent infamous Log4Shell attack, which could leave labor solutions company Kronos with a business disruption that could last for weeks. The security incident has affected the human resources operations of the New York City Subway Transportation Bureau, Honda Corporation, GameStop and others.
A Whole Foods worker told NBC News that "we're really worried about the paycheck for the upcoming Friday." Employees, he said, had to use "paper punch cards to record our working hours."
Kronos Private Cloud is a suite of HR software run by a company called Ultimate Kronos Group (UKG). Initially, Kronos didn't say exactly how serious the problem really was: The company reported that its managed versions of Workforce Central, TeleStaff and other services were unavailable, and said it didn't estimate when they would be back online. UKG advises its clients to "evaluate other schemes to process time and attendance data for payroll processing".
But early the next morning, UKG revealed that the problem was deeper than the service outage: the company said it was a victim of a ransomware attack, saying it "could take weeks to fully restore system availability". It also said its backups were "not currently available."
UKG's customer list includes a number of large companies including Tesla, GameStop, Honda, Sainsbury's, Puma, YMCA, MGM Resorts, Denver City and the New York City Metro Transit Authority. Medical facilities have also reportedly been affected — Kronos is used by honolulu's emergency center and water supply board, and Shannon Medical Center in San Angelo, Texas, to name a few.
![Game retailer GameStop now allows cryptocurrency payments[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)