As previously disclosed, on May 6, Wolters Kluwer detected ransomware in a portion of our environment.
While we proactively took a broad range of customer and internal applications and platforms offline to protect our systems, applications and customer data, only a small percentage of our products and applications were infected by the ransomware. Service to almost all of our customer applications and platforms that were taken offline was restored systematically between May 7 and May 12.
We promptly engaged CrowdStrike, a leading cybersecurity technology firm, to conduct a forensic investigation of the incident. This investigation has now been completed. CrowdStrike’s key findings are as follows:
- The firm has not observed any execution of the ransomware since May 6 or any evidence of data exfiltration from our network.
- All infected devices have been remediated or were decommissioned by Wolters Kluwer.
- Enhanced information security technology running on Wolters Kluwer’s systems are designed to detect and prevent the execution of a broad range of malware, including any of the malware associated with the incident.
Protecting the interests of our customers, employees and company is our top priority. Wolters Kluwer will continue to work vigilantly to maintain and continuously improve our cyber-readiness posture.