Threat Actors Target PrismHR in a Potential Ransomware Attack

 

PrismHR, a payroll company, suffered a cyber attack over the weekend that caused massive outages to its system. Although there are speculations among the customers that PrismHR was the victim of a ransomware attack but the payroll company hasn’t identified the attack as a ransomware one. 

PrismHR operates as an online payroll, benefits, and human resources platform used by professional employer organizations (PEO) – which employ it to provide payroll, HR, and benefits services to customers including small to medium-sized businesses (SMBs).

According to Bleeping Computer, a payroll giant was attacked on February 28th, 2021. The company stated “We recently experienced a cyber incident that affected our payroll and benefits software used by Professional Employer Organizations (PEOs) throughout the US. We immediately disabled access to the system to protect customer information and engaged top-tier security experts to help on this.”

“We are working quickly to restore customer access to our platform. While we are still looking into this, there is currently no evidence of unauthorized access or theft of data contained on our servers”, PrismHR further stated.

Due to the nature of this organization, PrismHR makes for an extremely valuable target to extract sensitive information across a large number of firms in one singular attack. Mostly, threat actors attack organizations over the weekend while employees are not present, computers are not being used, and there is less attention paid to the network. This allows threat actors to start the process of noisily deploying the ransomware to encrypt systems.

Mostly, attackers steal unencrypted data before encrypting the devices and this exfiltration of information gives the attackers leverage to financially gain via the sale of this data. Currently, the information regarding this attack is vague– if this turns out to be a ransomware attack, the outcome could be disastrous owing to the nature of PrismHR’s business. 

Considering, PrismHR holds sensitive information for thousands of organizations and this information includes social security numbers, payroll, ID cards, employee benefit information, information for beneficiaries, and a wide range of other sensitive information.