
Kronos Falls Victim to Ransomware Attack: What’s Next?

The human resource management company Ultimate Kronos Group recently fell victim to a ransomware attack in which hackers exploited one of its cloud-based time and attendance systems. The company announced that the outage may end up lasting several weeks.

Organizations that rely on the company to pay employees are scrambling to figure out how to process payroll. This includes manual calculations and paper checks, something that many people have not done in years, or perhaps ever.

The attack has now affected about 2,000 organizations, limited to those that use the company's cloud-based software. The organizations affected include government agencies, universities, banks, emergency organizations, and many other large sectors.

Some employers are even choosing to issue generic paychecks that compensate employees for a general amount rather than the actual hours worked. They plan to correct these calculations later, when they have had more time.

It is still unclear how the attackers managed to pull this off. However, the attack took place shortly after news broke of a major vulnerability in a piece of software called Log4j. The software is often used with the Java programming language, and the flaw makes it easy for a hacker to take over a device or system remotely.

Moreover, Java is the most widely used programming language in the world, and this type of threat should not be taken lightly.

How to Protect Your Organization

In light of the pandemic, many companies are shifting to remote work and are proving to be more vulnerable to phishing scams than ever. These arrangements can put networks at high risk of cybersecurity threats because connections from home may not be as secure as those at a physical workplace.

HR and Finance departments are prime targets since they are privy to the most confidential information. Businesses can also be more susceptible during holiday and tax seasons. However, we always advise being skeptical of suspicious emails year-round.

Phishing Scams 101

First, what are phishing scams? Phishing is defined as “a cybercrime in which a target or targets are contacted via email, telephone, or text message by someone posing as a legitimate and reputable institution or person to persuade individuals to reveal personally identifiable information, banking, and credit card details, and passwords.”

In other words, you may receive a notification asking for sensitive information through:

  • email
  • phone call
  • text message

from someone who could be posing as a coworker, a boss, a friend, a family member, or even the IRS. This is also known as business email compromise/business email spoofing (BEC/BES).

Email Phishing Scams to Look Out For

  1. Emails requesting a bank account change for payroll direct deposit;
  2. Wire transfers into a bank account; or
  3. Copies of W-2s to intercept employee information (names, addresses, and SSNs).

These emails generally impersonate a real company employee or executive. They usually target individuals who have the authority to release the information the scammer is seeking. For scenarios 1 and 2 listed above, the thief posing as the employee/executive will provide the new bank account information, making it a seamless crime.

HR departments are often a prime target due to their access to sensitive data. However, there is no real target industry or type of employer that hackers/scammers are contacting. This is relevant to all types of businesses whether you manage or own a hotel, restaurant, medical practice, construction company, etc.

How to Detect BEC/BES

You might be questioning how to tell if the email you receive is false. Don’t worry – there are several subtle clues to look out for. Make sure to read the email carefully before following through with the request. Often, email scams contain grammar and spelling mistakes within the body.

For examples of what BEC/BES may look like, check out the IRS alert here.

If a scammer has been able to compromise an executive’s email account, the domain would look almost identical. A spoofed email domain could look like any of the following:

  • … instead of … (rearranged letters)
  • … instead of … (underscore instead of a hyphen)
  • There has been a letter replacement: “m” with an “r” and an “n” – or

If any links are present, you can hover over them to verify whether the URLs are safe before clicking. Usually, if the website is unrecognizable or if the “http” lacks an “s” – “http://” vs “https://”, this may be a cause for concern.

If you notice any of these subtle clues, refrain from clicking any links or responding. Notify the sender through different means to confirm whether they sent you the email.
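The three domain clues listed above (rearranged letters, an underscore in place of a hyphen, and "r" + "n" standing in for "m") can also be checked automatically. The following is an added example, not part of the original article; the domain `payroll-example.com`, the sample addresses, and the function names are constructed for illustration.

```python
# Constructed allow-list: the domain(s) your organization really sends mail from.
TRUSTED_DOMAINS = {"payroll-example.com"}


def _is_adjacent_swap(a, b):
    """True if b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike: <reason>' or 'unknown' for a From address."""
    # Accept both "user@domain" and "Name <user@domain>" forms.
    domain = address.rsplit("@", 1)[-1].strip().strip(">").lower()
    if domain in trusted:
        return "trusted"
    for good in trusted:
        if _is_adjacent_swap(domain, good):
            return "lookalike: rearranged letters"
        if domain.replace("_", "-") == good:
            return "lookalike: underscore instead of hyphen"
        # Compare with every "rn" collapsed to "m" on both sides.
        if domain.replace("rn", "m") == good.replace("rn", "m"):
            return "lookalike: rn in place of m"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, one per clue from the list above.
    samples = [
        "Jane Doe <jane@payroll-example.com>",
        "jane@payroll-exmaple.com",
        "jane@payroll_example.com",
        "jane@payroll-exarnple.com",
        "jane@othercorp.test",
    ]
    for s in samples:
        print(f"{s:40} -> {classify_sender(s)}")
```

A "trusted" result only means the domain string matches; a request to change bank details or send W-2s should still be confirmed with the sender through a different channel.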

What to do Upon Identifying a BEC/BES Email

  • Forward non-tax-related BEC/BES email scams to the Internet Crime Complaint Center (IC3) – monitored by the FBI
  • Forward tax-related phishing emails to– monitored by IRS cybersecurity professionals
  • If you are an employer impacted by the W-2 scam, forward the email to
  • If you are an employer who received a form W-2 scam, but you did not click or respond to the email, forward that email to

For other preventative steps to take when it comes to email communication, read our blog on email encryption.

Get expert HR and payroll assistance. Contact Payroll Systems and let one of our payroll specialists walk you through our easy-to-scale solutions for your business.


This article provides general information and shouldn’t be construed as legal or HR advice. Since employment laws may change over time and can vary by location and industry, please consult a lawyer or HR expert for advice specific to your business. You can also contact Payroll Systems to inquire about our HR support services.