Thousands Of Employees Affected In Puma Ransomware Attack [CASE STUDY]

HelpRansomware analyzes the ransomware attack of which the company, Puma, was a victim.

The company, a leader in ransomware removal, cybersecurity, and decryption, studied the ransomware attack on Puma and how it affected its online reputation.

Likewise, it analyzes the feeling and perceptions of online users of the provider, UKG Kronos, the target of the crime.

Have you been the victim of a ransomware attack? HelpRansomware

Fast & Guaranteed Recovery

HelpRansomware provides a 100% guaranteed ransomware removal and data recovery service, with 24/7 worldwide assistance.

Kronos victim of a ransomware attack

In December 2021, UKG Kronos, a provider of human resources services and labor management solutions, fell victim to ransomware.

This attack affected many of the companies it supplies, such as Puma.

The data leak affected 6,632 Puma employees, according to the Maine Attorney General’s Office.

Kronos victim of a ransomware attack HelpRansomware

Confirmation of the ransomware attack on Puma

Two months later, UKG Kronos confirmed the ransomware attack on Puma through a letter addressed to those affected:

“Regrettably, this letter is to inform you that we were recently the victim of a ransomware attack that involved some of your personal information, which was provided to us in connection with the services we provide to PUMA. This letter explains the incident, the measures we have taken in response and the steps you can take.”

Cloud data theft and encryption

Kronos explains, step by step, how the process of data theft and encryption happened:

“On December 11, 2021, we began experiencing service interruptions in some of our cloud-based systems. Immediately upon discovering that we were experiencing a potential security incident, we took steps to secure the affected environment. Shortly thereafter, we determined that we were the victim of a ransomware attack. […] We have determined that a malicious actor or actors accessed the cloud-based environment, stole data from that environment and encrypted the environment.”

This type of malware is used to attack large corporate or government networks quickly and effectively.

Ransomware is extremely dangerous and has the potential to cripple networks and cause catastrophic damage to infrastructure, as is the case with the Costa Rican government.

Have your files been damaged after a ransomware attack? HelpRansomware

Expert Ransomware Removal

Our certified professionals have over 25 years of experience in ransomware removal, data recovery, and computer security.

Information from the victims of the ransomware attack on Puma

The human resources services company confirmed the theft of personal data and communicated it to Puma:

“Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition. On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.”

Finally, in the letter, the company explains the implementation of new procedures to avoid similar incidents in the future.

Likewise, it alerted the victims to review all the data of their accounts to detect suspicious activities.

HelpRansomware offers premium cybersecurity services to help businesses, professionals, and administrations remove any ransomware and restore encrypted files.

The company always insists on not paying the ransom or negotiating with cybercriminals.

Afterward, contact a company specializing in ransomware removal and file decryption like HelpRansomware.

Don't know how to decrypt your files? HelpRansomware

Fast & Guaranteed Recovery

HelpRansomware provides a 100% guaranteed ransomware removal and data recovery service, with 24/7 worldwide assistance.

Ransomware attack on Puma: the analysis

HelpRansomware analyzes how this criminal act has affected the online reputation of the company Puma and UKG Kronos.

The study is divided into:

  • Feeling;
  • Positivity and negativity;
  • Results.

The selected period of reputation monitoring is from December 11, 2021 to January 11, 2022.

In this way, the date on which UKG Kronos distributes the letter and the date on which Puma is aware of the attack suffered by its service provider are included.

The feeling

RepUP Monitoring Tool‘s software computes the percentage of sentiment, positive or negative, generated by users on social networks.

After the ransomware attack on Puma, the following image shows the company’s sentiment.

The feeling HelpRansomware

The negative sentiment is 14.1% and rises 85% compared to the previous month.

One of the most significant negative data points occurred on December 11 and the days after their official knowledge of the ransomware attack.

It is a favorable result considering that the positive sentiment is 43.5%.

Next, the same analysis for UKG Kronos.

The feeling guie HelpRansomware

The positive sentiment is 15.4% and the negative 17.9%, increasing 600% compared to the previous period.

Its highest negative figure occurs on the day UKG Kronos issues the letter.

Feeling in time

HelpRansomware has also calculated the net sentiment produced by the two companies over time.

This is the net percentage, measured on a scale of -100 to 100.

In the following chart, it is visualized that the net sentiment is negative, especially in the case of UKG Kronos.

Feeling in time HelpRansomware

The human resources provider contains a net sentiment of -100% the same day it communicates the ransomware attack on Puma and its subsequent days.


The performance of the results refers to the interactions (mentions, likes, comments, videos, etc.) in a certain period.

In this case, from December 11, 2021 to January 11, 2022.

Results HelpRansomware

Between the two companies, 209 results were produced, 75.6% more than the previous period.

The number of interactions stands out, especially on the dates associated with ransomware.

If you go back to the previous images, it can be confirmed that most of them are part of Puma.


HelpRansomware has analyzed the ransomware attack on Puma and UKG Kronos and how it has affected the online reputation of both companies.

You can draw the following conclusions from this case study:

  • UKG Kronos, a provider of human resources and labor management, was the victim of a ransomware attack;
  • Kronos confirmed the theft of personal data from the companies it supplies, such as Puma;
  • 6,600 workers of the clothing and footwear company were victims of this attack;
  • Puma’s negative sentiment is 14.1% and, although it is not a very unfavorable figure, the percentage increased by 85% compared to the previous period;
  • For its part, that of UKG Kronos is 17.9%, 600% more than the previous period;
  • The total result of interactions of both companies increased in the analyzed period by 75%.

The ransomware attack on Puma has indeed affected the digital reputation of the two companies.

Although the negative percentage is small, it has multiplied in the analyzed period, being more visible on the dates marked by the ransomware attack.

The data verifies that cybercrime, of which Puma and UKG Kronos are victims, has impacted the two companies’ online reputation and sentiment.

So that the consequences do not negatively affect a company or an entire country, the first step is not to pay the ransom to cybercriminals.

The victim should contact a specialized cybersecurity and ransomware removal company, HelpRansomware.

The company, part of the ReputationUP group, is a leader in the decryption and recovery of data hijacked by ransomware.

Do you want to remove ransomware quickly and safely? ReputationUP

Immediate Ransomware Help

Don’t let ransomware hold your business hostage. Our experts are ready to recover your data and secure your systems.

Leave a Comment

Your email address will not be published. Required fields are marked *