Kronos is a workforce management and human resources company that offers cloud-based solutions for timekeeping, payroll, employee benefits, analytics, and other tasks. Kronos merged with Ultimate Software in 2020 to become UKG, a new firm.

Kronos software is used by many industries, including car manufacturers, educational institutions, and local governments. As reported by BleepingComputer, Kronos’ clients include Tesla, Temple University, Community Bank, and the San Francisco Municipal Transit Authority.

What Happened?

Kronos, a well-known workforce management solutions provider suffered a ransomware attack that will, unfortunately, disrupt many of their cloud-based solutions for weeks.

Kronos declared that the UKG solutions based on the ‘Kronos Private Cloud’ are now unavailable due to a weekend ransomware assault on December 11th.

We are reaching out to inform you of a cyber security incident that has disrupted the Kronos Private Cloud.

As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.

We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities. The investigation remains ongoing, as we work to determine the nature and scope of the incident.

While we are working diligently, our Kronos Private Cloud solutions are currently unavailable. Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions. Support is available via our UKG Kronos Community and via our UKG Customer Support Team to provide input on your business continuity plans.

We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognize the seriousness of this issue and will provide another update within the next 24 hours.


UKG solutions that do not use Kronos Private Cloud, such as UKG Pro, UKG Ready, and UKG Dimensions, remain unaffected.

Kronos Private Cloud (KPC) is characterized by UKG as a secure storage and server facility housed in third-party data centers. This infrastructure is where their Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC), and FMSI environments are hosted.

Kronos offers a hosting environment built upon a secure infrastructure, which undergoes examinations from an independent auditor in accordance with the AICPA’s SSAE18 (i.e., SOC 1) and the American Institute of Certified Public Accountants’ TSP Section 100a, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (i.e., SOC 2 and SOC 3).


Unfortunately, as part of the attack, the threat actors were able to infiltrate these systems and probably encrypted servers.

As a result, Kronos claims its KPC solutions are unavailable and will likely remain so for several weeks. Customers are advised to “consider and adopt alternate business continuity practices relating to the impacted UKG systems” during this period.

While little is known about the assault, the service outage comes at a bad time for consumers who are preparing for Christmas vacations, bonus payments, and a restricted staff.

Did you enjoy this article? Follow us on LinkedInTwitterFacebookYoutube, or Instagram to keep up to date with everything we post!

Double Extortion Ransomware: The New Normal

Ransomware Explained. What It Is and How It Works

Ransomware-as-a-Service (RaaS) – The Rising Threat to Cybersecurity

Leave a Reply

Your email address will not be published. Required fields are marked *