One weak password was all it took for hackers to bring down KNP, a 158-year-old transport company in Northamptonshire, leading to its collapse and the loss of 700 jobs.

The ransomware attack, believed to have been triggered by a compromised employee login, left the company unable to recover its encrypted data or continue operations.

KNP, a transport company based in Northamptonshire, is one of many UK businesses recently hit by cyberattacks.

Major firms like Marks & Spencer, Co-op, and Harrods have also fallen victim in recent months. The CEO of Co-op confirmed that data belonging to all 6.5 million of its members had been stolen.

In KNP’s case, it’s believed hackers accessed the company’s system by cracking an employee’s password. Once inside, they encrypted files and locked the business out of its own systems.

Paul Abbott, a director at KNP, said he has not told the employee that their password likely led to the company’s collapse. “Would you want to know if it was you?” he asked.

Richard Horne, CEO of the National Cyber Security Centre (NCSC), stressed the importance of prevention, “We need organisations to take steps to secure their systems, to secure their businesses.”

The Mistake

By 2023, KNP operated a fleet of 500 lorries, mainly under the well-known Knights of Old brand. The company claimed to follow industry-standard IT practices and held insurance against cyberattacks.

But that wasn’t enough. A notorious ransomware group known as Akira managed to breach the system, rendering staff unable to access vital operational data. The attackers demanded a ransom in exchange for unlocking the files.

“If you’re reading this it means the internal infrastructure of your company is fully or partially dead… Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue,” read the ransom note.

While no amount was specified, a ransomware negotiation expert estimated the demand could have been as high as £5 million. KNP couldn’t afford it, and with no access to its systems or data, the company collapsed. Seven hundred people lost their jobs.

Law Enforcement Response

The National Crime Agency (NCA) is responsible for tracking down perpetrators when prevention fails. Suzanne Grimmer, who leads the team investigating the M&S breach, said cyberattacks have nearly doubled since she took over two years ago.

“If it continues, I predict it’s going to be the worst year on record for ransomware attacks in the UK,” she said.

Grimmer pointed out that hacking no longer requires deep technical expertise.

“These criminals are becoming far more able to access tools and services that you don’t need a specific technical skill set for.”

In the M&S case, attackers used social engineering to manipulate their way into the company’s systems. This caused significant disruption—delayed deliveries, empty shelves, and stolen customer data.

James Babbage, Director General for Threats at the NCA, said a new generation of hackers is emerging.

“They’re recognising that their sort of skills can be used to con help desks and the like into getting them access into companies.”

He said ransomware has become the most serious cyber threat globally:

“It’s a national security threat in its own right, both here and throughout the world.”

That sentiment was echoed in a 2023 report by Parliament’s Joint Committee on the National Security Strategy, which warned of the growing likelihood of a “catastrophic ransomware attack at any moment.” A more recent report from the National Audit Office described the threat as both “severe and accelerating.”

Horne at the NCSC advised that cyber-security should be central to all business decisions: “Companies need to think about cyber-security in all the decisions they make.”

And Babbage cautioned against giving in to ransom demands: “Every victim needs to make their own choice, but it is the paying of ransoms which fuels this crime.”

To curb the rise in attacks, the UK government is considering banning public bodies from paying ransoms and requiring private firms to report attacks and seek permission before paying.

Back in Northamptonshire, Paul Abbott now speaks publicly about KNP’s experience, urging others to take cybersecurity seriously. He supports mandatory checks to ensure firms are protected.

“There needs to be rules that make you much more resilient to criminal activity,” he said.

Paul Cashmore, a cybersecurity expert brought in by KNP’s insurers, said many companies quietly pay rather than report incidents. “This is organised crime,” he said. “I think there is very little progress against catching the perpetrators, but it’s devastating.” (BBC)