UPDATED 20:31 EST / DECEMBER 28 2021


W. Virginia employees to be paid despite Kronos remaining offline following ransomware attack

State employees in West Virginia will be paid on time this week, despite the state’s payroll processing being affected by the ransomware attack on workflow management solutions provider Kronos Inc. disclosed on Dec. 13.

Local media reports that state payroll administrators went to “extraordinary lengths” during the Christmas week to ensure that employees would be paid on time. That said, State Auditor JB McCuskey warned that every employee should double-check paystubs.

The auditor added that the attack on Kronos has not compromised employees’ personal information.

“Kronos uses a unique identifier for every employee that is not their social security number and its not their birth date,” McCuskey explained. “When their Kronos [number] gets entered into the auditors office’s site, that’s when it gets turned into an identifiable pay stub so the ransomware attack does not effect anyone’s personal information so people can be very confident in knowing this wasn’t a data breach as well.”

It’s noted that it remains unknown when West Virginia state employees will have access to Kronos again. That suggests that Kronos remains offline two weeks after the ransomware attack.

The outage at Kronos has not affected West Virginia alone. As noted at the time of the ransomware attack, notable Kronos customers include Tesla Inc., Marriott International Inc., Yamaha Corp., Aramark Corp., Samsung Electronics Co. Ltd. and Sony Music Entertainment.

The form of ransomware used in the attack on Kronos has still not been revealed. At the time of the attack three was some suggestion that those behind it may have taken advantage of vulnerabilities in Apache Log4j but this is also not confirmed.

The only thing that Kronos has acknowledged in broader security terms is via a banner at the top of its community pages. The banner says that the company has addressed Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 across all of its products and that it’s currently addressing CVE-2021-45105.

The lack of transparency by Kronos is not a positive for the company and it’s one reflected in comments made by customers on its community log revealing the incident. As one customer put it, “Any halfway decent IT application hosting company would have disaster recovery plans for any worst-case scenario. Running fire and police departments, this data can literally be a matter of life and death for the public and for our people.”

Photo: Angela/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.