Ransomware (December 2021)

Name of Reporting Organization

Kronos

Date of Incident Occurrence

December of 2021

Incident Type

Ransomware

Event Severity

Critical

Event Narrative

Kronos suffered a ransomware attack which impacted its cloud-based services for a period of time. Cybercriminals were able to breach Kronos digital security and encrypt its servers. In addition to system downtime, the company identified “a relatively small volume of data that was exfiltrated.” The systems were restored in January of 2022.

Remediation steps put in place since discovery of the incident?

Kronos put the following remediation steps in place:

• Alerted customers of the affected outage
• Recommended to customers to implement “alternative business-continuity protocols”
• Engaged Mandiant and West Monroe to harden its environment
• Created an incident resource hub to communicate with customers affected by the ransomware attack

What would you like others in the industry to know about the incident?

The incident took place during the busy Christmas season. Ransomware gangs often time attacks to take place when organizations are short-staffed due to holidays or when they are extremely busy with the hope that the attack will take longer to spot and response times will be slower. The pressure is also higher during these times to service customers. Therefore, it is important to be extra diligent during these holiday seasons.