
Ransomware attack threatens paychecks just before Christmas

For many Americans who are paid biweekly, Dec. 17 is the final payday before Christmas.
A pedestrian walks past a GameStop store, in San Rafael, Calif., on Dec. 08, 2021. Justin Sullivan / Getty Images file

A major payroll company has been crippled by ransomware hackers, leaving some companies around the country scrambling to cover employees’ last paychecks before Christmas and many workers wondering if they’ll get paid on time.

Kronos, one of the largest workforce management companies in the U.S., was hit with ransomware Saturday, according to the company's public updates page, and announced Monday that its programs that rely on cloud services — which a number of companies use to pay employees and manage their hours — would be unavailable for “several weeks.”

For many Americans who are paid biweekly, Dec. 17 is the final payday before Christmas.

A spokesperson for Kronos declined to say which ransomware group was responsible, whether the company planned to pay or how much the hackers demanded, and declined to provide a full list of customers that use its cloud services and were affected.

A number of major companies, including Whole Foods, GameStop and Honda, as well as state and local government agencies like the state of West Virginia and city of Cleveland, rely on Kronos for payroll and scheduling services for their employees.

“There is a real fear about our paychecks this upcoming Friday,” said one Whole Foods employee, who requested not to be named out of fear of reprisal.

“Whole Foods has instructed us to use a paper punch sheet to keep track of our hours & our Team Leads have been instructed to hand write the schedule, since the schedule writing system is also down,” she said in an email.

Rachel Malish, a spokesperson for Whole Foods, said that the company sent a memo to employees Wednesday saying that it had found a way to pay all employees on Friday.

GameStop didn’t respond to requests for comment.

A number of healthcare companies and hospitals rely on Kronos for scheduling and payroll.

Ascension, one of the largest hospital chains in the U.S., has been forced to “put in place alternate systems to track time and process payroll as scheduled,” said Gene Ford, a company spokesperson.

John Riggi, the senior advisor for cybersecurity at the American Hospital Association, an industry group, said that he had spoken with multiple hospitals that have had to create contingency plans for getting employees paid, managing their schedules and tracking their hours.

“Quite frankly, this could not have happened at a worse time. We've had a surge in Covid patients, flu patients,” Riggi said. “It's a distraction to hospital administrators at a time when they don't need any additional burden or diversion of resources.”

“Here we have all the sacrifices and hardships that our frontline heroes have been enduring right now to care for our patients. The last thing they should have to worry about, especially during the holiday season, is getting paid,” Riggi said.

Honda's workflow has also been affected by the attack, Marcos Frommer, a spokesperson for Honda North America, said in an email.

“Like many companies, Honda’s timekeeping system has been impacted by the outage,” Frommer said. “The outage has resulted in a temporary disruption to our payroll reporting system. Honda is taking steps to minimize the impact to our associates. We’re continuing to work closely with UKG to resolve this issue.”

The state of West Virginia, which uses Kronos for most employee agencies, is relying on emergency funding to pay staffers on time, state auditor JB McCuskey said in a news release.

Ransomware, where hackers remotely lock computers and demand a payment to fix them or to not reveal their contents to the public, has become a booming criminal industry. The Biden administration has taken several steps to bolster the country’s cybersecurity efforts, and the Department of Defense recently admitted to occasionally knocking some international ransomware actors offline.

But the underground hacking world is resilient and persists despite those measures, said Brett Callow, an analyst at the cybersecurity company Emsisoft.

“Ransomware nonetheless remains a very big problem, and unfortunately, it’s a problem that’s not likely to be solved anytime soon,” Callow said.