Ransomware attack threatens paychecks just before Christmas

A major payroll company has been crippled by ransomware hackers, leaving some companies around the country scrambling to cover employees’ last paychecks before Christmas and many workers wondering if they’ll get paid on time.

Kronos, one of the largest workforce management companies in the U.S., was hit with ransomware Saturday, according to the company’s public updates page, and announced Monday that its programs that rely on cloud services — which a number of companies use to pay employees and manage their hours — would be unavailable for “several weeks.”

For many Americans who are paid biweekly, Dec. 17 is the final payday before Christmas.

A spokesperson for Kronos declined to name which ransomware group was responsible, whether the company planned to pay, how much the hackers demanded or to provide a full list of customers that use its cloud services and were affected.

A number of major companies, including Whole Foods, GameStop and Honda, as well as state and local government agencies like the state of West Virginia and city of Cleveland, rely on Kronos for payroll and scheduling services for their employees.

“There is a real fear about our paychecks this upcoming Friday,” said one Whole Foods employee, who requested not to be named out of fear of reprisal.

“Whole Foods has instructed us to use a paper punch sheet to keep track of our hours & our Team Leads have been instructed to hand write the schedule, since the schedule writing system is also down,” she said in an email.

Rachel Malish, a spokesperson for Whole Foods, said that the company sent a memo to employees Wednesday that it had found a way to pay all employees on Friday.

GameStop didn’t respond to requests for comment.

A number of healthcare companies and hospitals rely on Kronos for scheduling and payroll.

Ascension, one of the largest hospital chains in the U.S., has been forced to “put in place alternate systems to track time and process payroll as scheduled,” said Gene Ford, a company spokesperson.

John Riggi, the senior advisor for cybersecurity at the American Hospital Association, an industry group, said that he had spoken with multiple hospitals that have had to create contingency plans…