
A UK-based transportation company with a venerable 158-year history has collapsed in the wake of a ransomware attack. Around 500 Northamptonshire-based Knights of Old (KNP) trucks are now off the road, and 700 people have lost their jobs, due to money-grasping cyberattackers, named as ‘Akira’ in a BBC report.

The internet-connected criminals are said to have gained access to KNP’s internet systems via a weak password that was used by one of the employees at the firm. It is thought that the password was so weak it was simply guessed correctly. Naturally, KNP doesn’t want to name the specific employee whose password was compromised. After breaking this weakest link, the hackers encrypted and locked KNP’s operational data. The cyber villains then told KNP that the only way to get their data unlocked would be to pay.

According to the BBC report, a ransom note left by the hackers read as follows: “If you’re reading this it means the internal infrastructure of your company is fully or partially dead… Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.”

KNP investigated the ransomware demand with the help of a specialist firm, which estimated that the monetary demands could be as high as £5 million ($6.74 million). This was a sum well beyond the means of KNP. However, we feel there’s something missing from the BBC report as it next says, “In the end all the data was lost, and the company went under.” Surely there was some further contact with ‘Akira’ and an attempt at negotiation…

Calls for improved cybersecurity hygiene

Elsewhere in the source report, we hear from members of the UK government’s National Cyber Security Centre (NCSC). A representative of the NCSC told the BBC that they are striving to make the UK one of the safest places for online activity. However, operations like ransomware, where money can potentially be directly extracted by criminals, are a growing problem.

Research quoted by the BBC suggests that a typical ransomware demand for an afflicted UK company will be around £4 million ($5.4 million). Thus, what KNP thought they would have to raise to save their company wasn’t an atypical ransom demand.

While we can agonize about the scale of criminal hacking and these unaffordable ransoms, prevention is better than cure. Thus, proactive measures are being proposed, such as banning public bodies from paying ransoms and enforcing private companies’ reporting of ransoms to the government. Moreover, it was mused that companies should have a regular independent cyber-audit to ensure a minimum standard of cybersecurity hygiene.
