HR professionals in the US have lashed out after their payroll software was attacked by cyber criminals. 

The ransomware attack on payroll provider Ultimate Kronos could take weeks to fix. The company, which also has clients in the UK, has asked users to find other options to pay staff and manage time sheets.

The group, which also provides time-sheet software, said it became aware of a problem on Saturday and started to investigate. 

The issues meant customers were locked out of their accounts, which affected their employees’ pay. Kronos has around 4 million workers worldwide using its software.

The company said it was“working with leading cyber-security experts to assess and resolve the situation,” 

HR staff lash out

On twitter, HR teams have voiced their concerns and frustration at not being able to pay staff and having to resort to tools such as MS Excel or payroll books.

Many have also commented on the timing, which means some employees will see a pay delay just before Christmas, when they would be buying presents and food ahead of the holidays. 

Others have called on Kronos to hire better paid and more experienced security staff, saying it is ‘inexcusable’ that healthcare staff in the US will not be paid because of the attack.

Jake Moore is the former Head of Digital Forensics at Dorset Police. He is now Global Cyber Security Advisor at cyber security specialists ESET. He  said:

 “At a terrible time of year for disruption to services, the impact to Kronos is tremendous. Holidays, bonuses and a limited workforce all make this attack all that much worse plus the knock on effect to other businesses will also be felt more than usual. 

He adds that it is now more important than ever to boost security systems. He comments that it is “shocking” that attacks of this nature are still happening with the same methods as years ago.

“When you hear of attacks forcing companies back to pen and paper for trivial tasks such as monitoring timekeeping, it is shocking to think we are heading into 2022 with the same attack vectors as we have seen for much of the last decade.”