A weak employee password led to the collapse of KNP, a 158-year-old British transport company, after hackers from the Akira ransomware group gained access to their systems in 2023[1]. The attackers encrypted the company’s data and left a ransom note stating “If you’re reading this, it means the internal infrastructure of your company is fully or partially dead”[2].
Unable to pay the estimated £5 million ransom demand, KNP lost all its financial records and operational data[1:1]. Despite having cybersecurity insurance and industry-standard IT protections, the company went into administration three months after the attack, resulting in 730 job losses[3].
“We need organisations to take steps to secure their systems, to secure their businesses,” said Richard Horne, CEO of the National Cyber Security Centre[1:2]. The hackers gained entry through a “brute force” attack by guessing one employee’s password - a person who was never told they were the weak link that led to the company’s demise[4].
Andi’s writeup
Weak password allowed hackers to sink a 158-year-old company - BBC ↩︎ ↩︎ ↩︎
The Times - My company thrived for 150 years ↩︎
The Straits Times - How a ransomware attack caused a British company to go bust ↩︎
The Times - My company thrived for 150 years ↩︎