A sobering reality of the digital age was revealed when a 158-year-old UK company was brought down by a single weak password. 700 workers lost their jobs when KNP, a transport company based in Northamptonshire that operates under the well-known “Knights of Old” brand, was completely destroyed by a ransomware attack.
By attempting to guess an employee’s password, hackers from the Akira ransomware gang are thought to have gained access to KNP’s systems. Once inside, they demanded a ransom, estimated at up to £5 million, to unlock the encrypted data. KNP was forced to permanently cease operations since it was unable to pay and lacked access to vital information.
The business had industry-standard IT systems and cyber insurance, but it was helpless against this attack. “Would you want to know if it was you?” Director Paul Abbott asked, acknowledging that he decided not to inform the employee whose password had been compromised.
There are numerous cases like this one. An estimated 19,000 ransomware attacks occurred in the UK last year alone. Targets have also included big-box stores like M&S, Co-op, and Harrods. While M&S encountered delivery delays and customer data breaches, Co-op confirmed that the data of 6.5 million members had been stolen.
Every day, GCHQ’s National Cyber Security Centre (NCSC) deals with a significant attack. But experts like the NCSC’s Richard Horne caution that there are just “too many attackers” and not enough defenders. According to Suzanne Grimmer of the National Crime Agency, the availability of hacking tools that require little technical expertise is to blame for the nearly twofold increase in incidents over the past two years.
Officials discourage ransom payments, which only serve to increase crime, and emphasize prevention. However, in order to survive, many businesses continue to opt for silent payment methods. To make sure companies are prepared to handle the increasing cyber threat, some, like Paul Abbott, are now advocating for mandatory cybersecurity assessments, or what he calls a “cyber-MOT.” The demise of KNP serves as a terrifying reminder of how vulnerable even century-old institutions can be to cyberattacks as they develop and become more intense.