Security Experts:

Connect with us

Hi, what are you looking for?



HR Management Firm Kronos Needs Weeks to Recover From Ransomware Attack

HR management platform Ultimate Kronos Group (UKG) on Monday started notifying customers that it fell victim to a ransomware attack that took down multiple applications over the weekend.

HR management platform Ultimate Kronos Group (UKG) on Monday started notifying customers that it fell victim to a ransomware attack that took down multiple applications over the weekend.

The attack, which took place on Saturday, December 11, 2021, targeted Kronos Private Cloud, a service on which the company runs several of its cloud applications, including Banking Scheduling Solutions, Healthcare Extensions, UKG TeleStaff, and UKG Workforce Central.

“At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud,” the company said.

Kronos says that it continues to investigate the ransomware incident, to determine the nature and scope of the attack.

The company also noted that the Kronos Private Cloud solutions would remain unavailable, warning its corporate customers that it might need weeks to restore systems and have services fully operational.

“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” UKG said.

Kronos provides services to numerous organizations worldwide, including state and local government entities, universities, K-12 education, medium and large companies, health services providers, retail chains, and more.

The City of Springfield has confirmed being impacted by the incident, announcing that it has started working on addressing the potential adverse effects the incident might cause, to ensure that employees “will continue to receive their regular scheduled pay.”

“The City of Springfield, which uses Kronos, is taking all appropriate actions necessary to mitigate the impact this incident might potentially have upon the city, including potential disruptions with the recording of city employee schedules/hours for payroll purposes, which are usually kept and recorded in Kronos,” the City of Springfield said.

Related: Ransomware, Trojans, DDoS Malware and Crypto-Miners Delivered in Log4Shell Attacks

Related: Babuk Ransomware Seen Exploiting ProxyShell Vulnerabilities

Related: Ransomware Hit SCADA Systems at 3 Water Facilities in U.S.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.