Ransomware attack hits major payroll company right before Christmas

Paychecks at GameStop, Whole Foods and other stores may be affected.

Sponsored Links

NEW YORK, NEW YORK - SEPTEMBER 29: A person wears a face mask outside Whole Foods Market in Union Square as the city continues Phase 4 of re-opening following restrictions imposed to slow the spread of coronavirus on September 29, 2020 in New York City. The fourth phase allows outdoor arts and entertainment, sporting events without fans and media production. (Photo by Noam Galai/Getty Images)
Noam Galai/Getty Images)

Ransomware has been a recurring problem throughout 2021, and the latest attack could be particularly severe for some workers. NBC News reports workforce management heavyweight Kronos has suffered a ransomware attack that could affect its ability to handle hours and payroll at well-known companies like GameStop, Honda and Whole Foods. With many final pre-Christmas paychecks slated to arrive this week, there's a concern some employees might not get paid in a timely fashion when they need it most.

Kronos reported the attack on December 11th, but it wasn't until December 13th the company warned it might take "several weeks" to fully restore functionality. The company didn't identify the perpetrators. It also couldn't completely rule out a connection to the recent Log4j vulnerability, but went through "rapid patching" and supply chain checks to make sure its systems weren't susceptible.

It's not clear how soon hours and payroll functionality might come back. In the meantime, though, companies have had to scramble to find alternatives. Whole Foods told NBC it had found a way to pay staff this week, but Honda only said it was "taking steps" to mitigate any problems. One anonymous Whole Foods worker said teammates had been asked to rely on paper punch sheets and handwritten schedules.

The Kronos incident illustrates the sheer breadth of ransomware victims in recent months, including a meat supplier and a key oil pipeline operator. It also underscores the fragility of modern workplace technology. While a payroll company might not be considered critical infrastructure like food or fuel providers, a cyberattack against it can still deal significant economic damage.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget