On December 13, 2021, Ultimate Kronos Group (UKG) notified customers that they had found unauthorized activity impacting UKG solutions using Kronos Private Cloud. Their investigation revealed the worst-case scenario: ransomware. 

According to the company, the incident affected the Kronos Private Cloud, where some of their UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. Products not expected to be affected by the attack include UKG Pro, UKG Ready, and UKG Dimensions, as well as any solution deployed in on-premises or self-hosted environments.

As a result of this attack, global customers who use the cloud-based solutions have been knocked offline. Some even had to resort to pen-and-paper processes to try and pay their employees (right in the middle of the holiday season). 

This article will explain what we currently know about the ransomware attack, as well as how to prepare once it’s safe to go back online.

What Happened to UKG Kronos Private Cloud  

UKG reports that on December 11, they noticed the unusual activity and immediately took action to investigate and mitigate the issue. The company has not disclosed specific details about the hack or the nature of the ransomware demands, but ransomware has become one of the most pervasive threats to businesses today. (So much so that experts from Cybersecurity Ventures estimate that one attack takes place every 11 seconds.)

UKG said a “relatively small volume of data was exfiltrated” by the attacker, and that they’re in the process of analyzing the data and notifying customers. It’s important to keep in mind, however, that this process could take weeks or even months to fully determine the scope of the incident. In the meantime, UKG reports that they’re working with leading cyber security experts to assess and resolve the situation.

Remediation and Recovery 

Due to the nature of the attack, the recovery process is happening in parallel phases. As of writing, customers should begin receiving information about their organization’s restoration process between January 3 – 7. 

During Phase 1, UKG will run customer environments through a validation and scanning process to check systems for any corruption, malware, or other issues. Next, they’ll implement what they call “hardening measures” to the Kronos Private Cloud. These will include patching for log4j and other vulnerabilities, resetting passwords, and further cyber-hygiene measures. 

Finally, once those steps have been completed, you’ll be allowed to restart your organization’s environment and validate that your system is ready for production. 

How Surety Systems Can Help

We understand that this has been a very stressful time for many companies scrambling to keep their payroll practices going without having access to their software, not to mention the additional stress of the potential impact to your data. And could there be a worse time than the holiday season for this sort of attack?

Our senior-level UKG Kronos consulting team understands these challenges and can help guide you through the process of getting your system back online. Once you’ve regained access to your system, there will be a laundry list of activities to be completed before you can get everything back in action. You’ll need to reschedule events, validate historical data, and reconcile data that you’ve been tracking offline during this downtime. 

Our experienced Kronos experts can help support you through this process, so that you can get back to normal business operations as quickly as possible, without sacrificing data integrity.  Contact us today to learn more.