Search This Blog

Kronos Ransomware Attack may Affect Weeks of HR Solutions Downtime

The threat actors were able to breach these systems and likely encrypted servers as part of the attack.


Kronos, a provider of workforce management tools, has been hit by ransomware, which will likely shut down many of their cloud-based solutions for weeks. Kronos succumbed to a ransomware attack on December 11th, over the weekend. Due to this, Kronos announced that the UKG solutions employing the 'Kronos Private Cloud' are unavailable. 

Kronos is a human resources and workforce management software firm that offers cloud-based solutions for timekeeping, payroll, employee benefits, analytics, and more. Kronos and Ultimate Software merged in 2020 to establish UKG, a new corporation. 

"As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud," disclosed Bob Hughes, Executive Vice President for UKG. 

"We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed." 

UKG Pro, UKG Ready, and UKG Dimensions are not affected because they do not use the Kronos Private Cloud. 

"Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA's SSAE18 (i.e., SOC 1) and the American Institute of Certified Public Accountants' TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3)," states the description of the Kronos Private Cloud infrastructure. 

To prevent unauthorized access to their systems, Kronos uses firewalls, multi-factor authentication, and encrypted transmissions, according to Kronos. Unfortunately, as part of the attack, the threat actors were able to infiltrate these systems and presumably encrypted servers. 

Kronos Private Cloud (KPC) is described by UKG as a secure storage and server facility hosted in third-party data centers. Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC), and the FMSI environments are all hosted on this infrastructure.

Many organizations, including car manufacturers, educational institutions, and local governments, use Kronos' software. Tesla, Temple University, Community Bank, and the San Francisco Municipal Transit Authority are among Kronos' customers. 
Share it:

Cloud Based Solutions

Cyber Attacks

HR Solutions

Kronos Ransomware