It has been reported that the leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. PrismHR is an online payroll, benefits, and human resources platform serving over 80,000 organizations with 2 million employees and total annual payrolls of over $80 billion.
<p>Due to the nature of this organisation, PrismHR makes for an extremely valuable target to an adversary looking to extract sensitive information across a large number of companies in one singular attack. The successful exfiltration of this information has the potential to provide a huge return to an attacker looking to financially gain via the sale of this data.</p> <p><br />While currently information regarding this attack is quite vague, it is extremely concerning that the infiltration has the potential to impact up to 200 small to medium sized businesses. Unfortunately, organisations of this size after often less prepared for an incident like this one, with budgeting usually less prioritised for a potential cyber-attack.</p>
<p>Companies such as PrismHR hold a vast amount of sensitive data so it’s no surprise they are targeted by ransomware operators. The disruption to payroll services will have a massive impact on clients and its workers which will no doubt cause a lack of future confidence in PrismHR. Ransomware renders any files it touches unreadable unless, and until, a victim pays for a digital key needed to unlock the encryption on them.</p> <p> </p> <p>Whilst PrismHR have stated that findings from the initial investigation have found that no sensitive data was leaked, given the volume and sensitive nature of the data PrismHR manages on behalf of their clients, it’s no doubt those clients and their customers will be concerned. As seen with other ransomware attacks whilst the ransom can be paid businesses have no guarantee that the data will be deleted and won’t be published in the future.</p>
<p>Until PrismHR confirms the exact cause of the outage, the industry can only speculate on what they believe is going on behind the scenes. However, if this does turn out to be related to ransomware the ramifications will be very serious. An attack like this will not only impact PrismHR but also its customers who will need access to systems in order to pay employees. If PrismHR does not have the correct security tools installed and a proper backup system in place this could prove extremely difficult. PrismHR, therefore, might find itself in a position where it has no choice but to pay the attackers, although this is not always recommended as this can further fuel future attacks.</p>