Name of Reporting Organization
Kronos
Date of Incident Occurrence
December of 2021
Incident Type
Ransomware
Event Severity
Critical
Event Narrative
Kronos suffered a ransomware attack which impacted its cloud-based services for a period of time. Cybercriminals were able to breach Kronos digital security and encrypt its servers. In addition to system downtime, the company identified “a relatively small volume of data that was exfiltrated.” The systems were restored in January of 2022.
Remediation steps put in place since discovery of the incident?
Kronos put the following remediation steps in place:
- Alerted customers of the affected outage
- Recommended to customers to implement “alternative business-continuity protocols”
- Engaged Mandiant and West Monroe to harden its environment
- Created an incident resource hub to communicate with customers affected by the ransomware attack
What would you like others in the industry to know about the incident?
The incident took place during the busy Christmas season. Ransomware gangs often time attacks to take place when organizations are short-staffed due to holidays or when they are extremely busy with the hope that the attack will take longer to spot and response times will be slower. The pressure is also higher during these times to service customers. Therefore, it is important to be extra diligent during these holiday seasons.