Weak Password Leads to Cyberattack, Shutting Down British Company KNP

A weak password led to a cyber attack on KNP, a 158-year-old British company, resulting in all its data being locked and 700 people losing their jobs.

Cyber Attack: In today's digital age, where every company spends millions on cybersecurity, a simple mistake – a weak password – can destroy any organization. KNP (formerly Knights of Old), a 158-year-old British logistics company, became a prime example when it had to close down permanently in 2023 due to a ransomware attack. This cyber attack not only locked all the company's data but also cost 700 employees their jobs.

How did this cyber attack happen?

According to a BBC report, the attack began when hackers guessed the easy password of one of the company's employees. This small crack became a gateway into the entire system. Subsequently, the notorious ransomware gang Akira took complete control of the company's internal systems. Employees were locked out of all essential systems, and a threatening message appeared on the screen: 'If you are reading this, your company's system has been completely or partially destroyed.'

Although the exact ransom amount was not disclosed, cybersecurity experts estimate it could have been around £5 million, or ₹53 crore. KNP refused to pay the ransom – and this decision ultimately proved fatal for them.

KNP Lost Despite Having Security

According to KNP Director Paul Abbott, the company had cyber insurance and followed all IT security standards. Yet, a weak password plunged the company into darkness. This shows that technical measures alone are not enough against cyber attacks – human negligence can prove equally dangerous. Abbott also mentioned that they never revealed the identity of the employee whose login triggered everything. 'A small mistake can sink an entire organization,' he said.

Cyber Threat Increasing in Britain

KNP was not the only company to fall victim to this misfortune. In 2023, approximately 19,000 ransomware attacks were recorded in the UK. Major brands like Marks & Spencer, Co-op, and Harrods were also affected by these attacks. The CEO of Co-op recently admitted that data of approximately 6.5 million of their members was stolen. According to Suzanne Grimmer, head of cybercrime at the UK's National Crime Agency, there are now 35 to 40 ransomware attacks every week. This figure indicates that cyber security is no longer just the job of the IT department but has become the responsibility of the entire organization.

‘Cyber MOT’ – New Thinking, New Hope

Former KNP Director Paul Abbott now wants to turn the experience from this tragedy into a warning and a solution for others. He has proposed an idea called 'Cyber MOT' – just like vehicles have an MOT test, companies should be required to obtain a cyber security certificate periodically. This idea has also received support from cyber expert Paul Cashmore. He believes that many companies succumb to ransomware and quietly pay the ransom – which further emboldens criminals. 'If companies share information about attacks publicly and warn each other, the situation can improve.'

Weak Link: Negligence on Passwords

The saddest part of this entire affair is that such an old, experienced, and insured company was ruined due to negligence over just one password. Cyber experts have been constantly saying that passwords like ‘123456’ or ‘password’ are now open invitations for cybercriminals. Every employee should use password management tools, multi-factor authentication should be mandatory, and cyber security training should be provided periodically.
