A British transport firm was forced to close after 158 years thanks to a single easily-guessed password.
According to a recent episode of BBC's Panorama, Northamptonshire-based KNP - formerly Knights of Old - was hit by a ransomware demand that it couldn't pay.
The resulting incident saw the company fold, putting 700 people out of work and highlighting the devastating real-world impact of cyber attacks.
The hack was the work of the Akira ransomware group, which gained access by guessing one employee’s weak password. Director Paul Abbott said he hadn't told the employee concerned that it had been their error that led to the firm's closure.
"Would you want to know if it was you?" he said.
The hackers demanded a ransom believed to have been as much as £5 million.
"If you're reading this it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue," the ransom note read.
KNP’s insurers immediately sent in a cyber crisis team, which found that all of the company’s data had been encrypted and that its servers, backup, and disaster recovery systems had all been locked. Unable to pay the ransom, the company was forced to call in administrators.
"The resurfacing of the KNP ransomware incident through the BBC Panorama documentary is a pertinent reminder of the devastating real-world consequences of cyber crime - not only in terms of data loss, but in terms of the livelihoods that can be severely affected by a single compromised password," said Anne Cutler, cybersecurity expert at Keeper Security.
"That simple breach precipitated the complete collapse of a 158-year-old business, costing hundreds of jobs and leaving lasting damage. What’s especially sobering about this story is not that it was unique in any significant way, but rather, that it was typical."
Password security still has a long way to go
Password security has been a key battleground for cybersecurity experts in recent years, with research showing chronically lax practices among consumers and enterprises alike.
A study from Kaspersky last year, for example, analyzed 193 million compromised passwords available on the dark web, finding that 45% could be guessed by hackers within a minute.
"The destruction of KNP, formally Knights of Old, is a truly sad cybersecurity tale,” Tim Ward, CEO and co-founder of Redflags from ThinkCyber.
“But it is also a tale of simple cyber hygiene issues having a critical impact.”
"We have to take the human factor of security more seriously, or we will see more and more of these sad tales,” Ward added.
In a recent government survey, 43% of UK businesses and 30% of charities reported having experienced a cybersecurity breach or attack in the last 12 months - around 612,000 businesses and 61,000 charities in total.
Cutler noted that a common misstep for many organizations is that they assume they wouldn’t be “worthwhile targets” for cyber criminals. The reality is that any target is viable, she added.
“As this Panorama documentary makes clear, ransomware is not just being deployed on major corporations - it’s targeting the resilience of supply chains, service providers, schools, charities, and local employers like KNP."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Nearly half of MSPs admit to having a ransomware kitty
- US healthcare data breaches are out of control
- The ransomware boom shows no signs of letting up
-
Everything we know about the Plex data breach so farNews Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Mainframes are back in vogueNews Mainframes are back in vogue, according to research from Kyndryl, with enterprises ramping up hybrid IT strategies and generative AI adoption.
-
Everything we know about the Plex data breach so far
News Plex advised users to sign out of any connected devices that are currently logged in and enable two-factor authentication if they haven’t already.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
FBI warns 'indiscriminate' Salt Typhoon hacking campaign has hit organizations in more than 80 countriesNews The Salt Typhoon hacker group has waged several major campaigns against US telecoms companies and critical infrastructure operators – now it's ramping up attacks globally.
-
Salesloft Drift hackers had access to company GitHub account for months before attacksNews Hackers behind the Salesloft Drift breach had access to the company’s GitHub account for several months before waging a flurry of attacks, the company has revealed.
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
-
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacksNews Proofpoint said Stealerium has flown under the radar for some time now, but researchers have observed a huge spike in activity between May and August this year.
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staffNews Enterprises should act swiftly to revoke rights and access, regardless of the manner of an employee’s departure.
