Ransomware Attack on Major Payroll System Kronos May Take 'Weeks' to Repair

I find it amazing that a company the size of Kronos doesn’t have some sort of “warm standby” or snapshotting system for rapid recovery.

When these vendors sell their “cloud” services, they usually use rapid disaster recovery as a big selling point and lead their customers to believe they no longer have to worry about contingencies, backend security, backups, etc… Some salesmen go around the technology department and try to convince upper management that their technology departments are “not capable” of operating reliably, securely or performing disaster recovery.

Since I haven’t seen all the low level details of this attack, so I shouldn’t be too quick to judge, it would appear on the surface that their “cloud” operation is run just as sloppy as many IT departments. I won’t guarantee on-premise systems I maintain at my day job could never suffer such a disaster (and anyone who does is just fooling themselves), but between physically separated replicated systems, snapshots (15 minutes on some systems), backups/archives (3 independent sets and 3 different physical sites), “golden” server images kept offline and updated regularly, and other actions taken, I have general confidence we could be operational again within a day or two with minimal data loss. I would expect a “cloud” based systems be an improvement on that (doesn’t mean some threats and failure scenarios don’t keep me awake at night still) .

I hope this ransomware doesn’t affect payroll distributions, otherwise it’s going to be a somber Christmas for some.

1 Like