Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crime

Ransomware concept image showing computer screen with binary code, with a skull imprinted over code. — (Image credit: Getty Images)

A British transport firm was forced to close after 158 years thanks to a single easily-guessed password.

According to a recent episode of BBC's Panorama, Northamptonshire-based KNP - formerly Knights of Old - was hit by a ransomware demand that it couldn't pay.

The resulting incident saw the company fold, putting 700 people out of work and highlighting the devastating real-world impact of cyber attacks.

The hack was the work of the Akira ransomware group, which gained access by guessing one employee’s weak password. Director Paul Abbott said he hadn't told the employee concerned that it had been their error that led to the firm's closure.

"Would you want to know if it was you?" he said.

The hackers demanded a ransom believed to have been as much as £5 million.

"If you're reading this it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue," the ransom note read.

KNP’s insurers immediately sent in a cyber crisis team, which found that all of the company’s data had been encrypted and that its servers, backup, and disaster recovery systems had all been locked. Unable to pay the ransom, the company was forced to call in administrators.

"The resurfacing of the KNP ransomware incident through the BBC Panorama documentary is a pertinent reminder of the devastating real-world consequences of cyber crime - not only in terms of data loss, but in terms of the livelihoods that can be severely affected by a single compromised password," said Anne Cutler, cybersecurity expert at Keeper Security.

"That simple breach precipitated the complete collapse of a 158-year-old business, costing hundreds of jobs and leaving lasting damage. What’s especially sobering about this story is not that it was unique in any significant way, but rather, that it was typical."

Password security still has a long way to go

Password security has been a key battleground for cybersecurity experts in recent years, with research showing chronically lax practices among consumers and enterprises alike.

A study from Kaspersky last year, for example, analyzed 193 million compromised passwords available on the dark web, finding that 45% could be guessed by hackers within a minute.

"The destruction of KNP, formally Knights of Old, is a truly sad cybersecurity tale,” Tim Ward, CEO and co-founder of Redflags from ThinkCyber.

“But it is also a tale of simple cyber hygiene issues having a critical impact.”

"We have to take the human factor of security more seriously, or we will see more and more of these sad tales,” Ward added.

In a recent government survey, 43% of UK businesses and 30% of charities reported having experienced a cybersecurity breach or attack in the last 12 months - around 612,000 businesses and 61,000 charities in total.

Cutler noted that a common misstep for many organizations is that they assume they wouldn’t be “worthwhile targets” for cyber criminals. The reality is that any target is viable, she added.

“As this Panorama documentary makes clear, ransomware is not just being deployed on major corporations - it’s targeting the resilience of supply chains, service providers, schools, charities, and local employers like KNP."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.