Vendor Kronos/UKG victim of a ransomware attack, cloud service disruption for weeks

Sicherheit (Pexels, allgemeine Nutzung)[German]I had already seen it briefly on Twitter yesterday, the provider of software solutions "from the cloud" (accounting, workforce scheduling, time tracking, etc.), the company Kronos, has become a victim of a ransomware attack over the weekend (Dec. 11, 2021). UKG solutions using the "Kronos Private Cloud" have been unavailable since Dec. 11, 2021, due to this ransomware attack.


UKG and Kronos

I confess, the two names meant less to me, as I'm not active in this area. However, both Kronos and UKG are worldwide active in HR services. represented in Germany as software providers. In the case of UKG, this page (deleted) states:

Building on 70 years of experience from two leaders in HR solutions, UKG combines the strength and innovation of Ultimate Software and Kronos. Individually, we've always put people at the center of everything we do. Together, we're committed to inspiring workforces and businesses around the world, helping to pave the way forward for our people, customers, and industry.

They offers human ressource and workforce management solutions with a bucket of cloud based services.

The ransomware attack

The first info came yesterday on Twitter – such as the following tweet from Catalin Cimpanu, who was informed by a customer that UKG fears weeks of outages due to a ransomware attack, and customers won't be able to process salaries before the Christmas holidays.

Kronos / UKG Ransomware attack

Kronos UKG emailed customers as of Dec. 13, 2021, about Kronos Private Cloud (KPC) impairments due to a cybersecurity incident. The content can be read in the Kronos community in this post.


We are reaching out to inform you of a cyber security incident that has disrupted the Kronos Private Cloud.

As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.

We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.

While we are working diligently, our Kronos Private Cloud solutions are currently unavailable. Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions. Support is available via our UKG Kronos Community and via our UKG Customer Support Team to provide input on your business continuity plans.

We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognize the seriousness of this issue and will provide another update within the next 24 hours.

Thank you for your support and partnership. 

Bob Hughes

Executive Vice President

On Saturday, December 11, 2021, unusual activity was noticed in the Konos Private Cloud and then it was seen that ransomware was raging there. This affects the parts of the UKG company where the Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions services are deployed. So far, UKG Pro, UKG Ready and UKG Dimensions are believed to be unaffected.

The company is now working to restore the Kronos Private Cloud solutions that are no longer available. Because restoring system availability can take up to several weeks, the vendor strongly recommends that customers consider and implement alternative business continuity protocols with respect to the affected UKG solutions. Would be in something like SAP saying "sorry, we can't do it anymore, find something else".

There are more status updates in this forum section. In parallel, people are also affected by the log4j vulnerability CVE-2021-44228 and are already patching there. On The Record, Catalin Cimpanu reports from a Kronos/UKG customer that they do not have access to their employees' timekeeping and payroll data. The customer is unable to pay salaries just before the Christmas vacations or the winter vacations that starts soon. So slowly the long shadows of the cloud – whether branded as private or public – are becoming visible.

Similar articles:
Media Markt/Saturn: Ransomware attack by hive gang, $240 million US ransom demand
Ransomware attack on German medical service provider medatixx
Kisters AG victim of ransomware attack (Nov. 10/11, 2021)
Volvo Cars Corporation was victim of cyberattack by Snatch ransomware group

Cookies helps to fund this blog: Cookie settings

This entry was posted in Cloud, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *