This article is so long and has so little information 🙉
Andi’s writeup
A weak employee password led to the collapse of KNP, a 158-year-old British transport company, after hackers from the Akira ransomware group gained access to their systems in 2023[1]. The attackers encrypted the company’s data and left a ransom note stating “If you’re reading this, it means the internal infrastructure of your company is fully or partially dead”[2].
Unable to pay the estimated £5 million ransom demand, KNP lost all its financial records and operational data[1]. Despite having cybersecurity insurance and industry-standard IT protections, the company went into administration three months after the attack, resulting in 730 job losses[3].
“We need organisations to take steps to secure their systems, to secure their businesses,” said Richard Horne, CEO of the National Cyber Security Centre[1]. The hackers gained entry through a “brute force” attack by guessing one employee’s password - a person who was never told they were the weak link that led to the company’s demise[4].
Dang. I use a password manager, and all my important passwords are 30-40 chars long. Lesson learnt?
A passphrase and 2FA, or better, physical token access, are the minimum in a company, apart from a backup of all important data. These hackers need to be sent to Guantanamo, but so do the IT employees of this company; a weak password without 2FA and backups is also a crime in a company.
If one password can take down the company, you do not have sane security. That is just stupid.