Weak login credentials of a single staffer wiped out a 158-year-old firm, and its boss is now warning others | #ransomware | #cybercrime

All it took was one guessed password from the login credentials of a single employee, and a ransomware gang brought down KNP, a 158-year-old British company. Now British intelligence agencies are fighting ransomware attacks 24/7. The man who led KNP at the time is now helping these efforts. Here is what happened.

KNP, a transport company in Northamptonshire, had to ground its fleet of 500 lorries and render 700 people jobless in 2023 as the ransomware gang entered its systems by guessing the weak password.

The attack on KNP came from the notorious ransomware group Akira. Once inside, they encrypted all company data and held it for ransom.

“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead,” the hackers wrote in their chilling ransom note.

A negotiation firm estimated the cost of retrieving the KNP data at £5 million, and the company simply didn’t have that kind of money.

Without access to its digital systems, orders, or logistics, the company had no other option but to file for insolvency.

KNP director Paul Abbott made a startling confession: he still hasn’t told the employee whose weak password likely doomed the firm.

KNP is one of tens of thousands of UK businesses falling prey to cyber sieges, according to a BBC report on the menace.

Even household names like M&S, Co-op and Harrods are not spared. Last week, the Co-op, a UK grocery chain, said all 6.5 million of its members had their data stolen in a cyber attack.
Similarly, Marks & Spencer (M& S) fell victim to social engineering, with the hackers tricking their way in by “blagging” IT staff at the British multinational retailer. Blagging or ‘pretexting’ is a social engineering tactic in which attackers trick victims into divulging sensitive information or granting access to systems by creating a fabricated scenario and building their trust.

At the British intelligence agency GCHQ or the Government Communications Headquarters, elite National Cyber Security Centre (NCSC) officers are fighting against ransomware 24/7. But even they admit there are a lot of attackers, “and not that many of us.”

Cyberattacks have nearly doubled to 35-40 incidents a week, the BBC report quoted Suzanne Grimmer of National Crime Agency (NCA) as saying. “Criminals are becoming far more able to access tools and services that you don’t need a specific technical skill set for.”

James Babbage, Director General (Threats) at the NCA, told the BBC that young gamers are becoming hackers, after ‘recognising that their skills can be used to con help desks into giving them access to companies.’

Once inside, they use ransomware bought from dark web to steal data and lock up entire systems. “It’s a national security threat in its own right,” Babbage said.

British government is planning to ban public bodies from paying ransoms to hackers, and may force private companies to report attacks and get permission to pay.

Paul Abbott, the boss of NKP when it crumbled, is now giving talks on the cyber threat, using the example of his company as a cautionary tale.

Abbot, said the BBC report, wants every company to prove their security is up-to-date.
Paul Cashmore, a cyber-insurance specialist during the KNP collapse, said many companies, however, just choose to pay up quietly.

“We need organisations to take steps to secure their systems,” Richard Horne, CEO of the National Cyber Security Centre (NCSC), which is waging daily war on international hacker gangs, was quoted as saying in a BBC report on the crime.

But Babbage said that it is the paying of ransoms which fuels this crime.