Users hit by Kronos payroll ransomware await recovery
HR users of Kronos payroll and timekeeping systems are moving to recovery from the ransomware attack. A complete restoration time frame will vary by user.
Editor’s note: This story has been updated with UKG’s estimated complete restoration date of Jan. 28.
Almost a month after the Kronos payroll system was crippled by ransomware, users have been resorting to manual payroll and timekeeping processing to pay employees.
Service restorations are beginning, but the time frame for completing this work may vary by user.
The problem was first reported Dec. 11 by UKG Inc. (Ultimate Kronos Group). The manual work came with challenges, including problems with accounting for all employee-expected compensation, some users reported.
Care New England Health System is manually paying its approximately 7,500 employees. Checks aren't including overtime or holiday pay. Employees "will receive their appropriate pay, as soon as the Kronos system is restored," said Raina Smith, a spokeswoman for the Providence, R.I.-based healthcare provider.
The University of Arkansas for Medical Sciences uses Kronos timekeeping systems affected by the outage. The university reverted to paper timesheets, said Leslie Taylor, a spokeswoman for the school. The Little Rock-based healthcare provider has more than 10,000 employees.
While paper time sheets are "more time-consuming for supervisors and employees, it has not affected our ability to get payroll out on time for our employees or affected our operations," Taylor said.
As of Wednesday, Jan. 5, the healthcare provider has not heard when Kronos plans to resolve the problem.
The Community Medical Center in Missoula, Mont., said it is using manual data entry to ensure that employees are paid. It has 980 employees. "In some instances employees are being overpaid, and in other instances they're being underpaid -- largely resulting from delayed pay premiums and differentials," the healthcare provider said in a statement. "We have dedicated additional resources internally to address the backlog of issues we're experiencing because of this nationwide problem."
Time frame for restoration
In a Dec. 30 update, UKG stated restoration for all customers should be completed by Jan. 28. Restoration, however, may be a gradual, customer-by-customer process. It is posting daily updates on its site of the status of its cloud services. Each user will get a recovery liaison, and users were expected to learn this week of their recovery timeline. The latest update says users will learn "the status of your system recovery by end of day, Jan. 7."
The recovery speed "will be based on the technical state in which we find your environment after the automated scans, as well as the complexities and configuration of your environment," Kronos said in a recent update.
The restoration process from the ransomware attack includes recovering servers, databases, as well as validating that customer applications, including "integrations, user interface and data collection (if applicable) are working as expected," UKG stated in a update.
It's unclear how many customers were affected. UKG has more than 50,000 customers. The number of customers affected by the ransomware attack is less than 5%, or about 2,500 of the total number of customers, according to a source familiar with the firm.
Jacob AnsariChief information security officer, Schellman & Company LLC
If there are any lessons to be learned from the Kronos payroll disruption, it may involve "casting a broad eye" on the risks to back-office functions, such as HR, said Jacob Ansari, chief information security officer at Schellman & Company LLC, a professional services firm. Organizations tend to focus their business continuity plans on revenue producing systems, and not the back office, he said.
"Most organizations are ill-prepared for this situation," Ansari said.
Kronos, founded in 1977, is an HR, payroll and timekeeping systems provider. It merged with Ultimate Software, an HR systems vendor, in 2020. The revenue for the company is more than $3 billion. Hellman & Friedman LLC, a private equity firm, owns UKG.
Patrick Thibodeau covers HCM and ERP technologies for TechTarget. He's worked for more than two decades as an enterprise IT reporter.