The sad thing is that the Kronos ISP has probably had enough with the DDOS.
The DDOS might have stopped, but the ISP keep the ip's nullrouted (blocked) to save themselves and other customers.
I had this problem when hosting a ARK server. It became very popular, and at one point was the biggest server in EU.
Some ***** started ddosing and my ISP nullrouted my IP address. The ISP would some times check if the ddos was still in effect, only opening my IP once per day.
Every time the ISP did a check, the attack was gone, but started again shortly after the server was online again.
Now the attacker only had to DDOS for about 10 min, until my ISP shut down my connection again.
The connection would be shut down for over a day, until the ISP decided to check again.
The connection was opened, but shortly after, the attack was back. ISP then shut down my connection again.
This went on for a few days, until i moved my server to OVH hosting (with DDOS protection).
Sadly, it was to late, and the playerbase had moved to a different server.
TL;DR
The attack might be over, but ISP is protecting their network, keeping the Kronos gameserver IP nullrouted.
I can imagine the ISP had enough of this ddos, and only checks if the attack is over once a day.