Weak password allowed hackers to sink a 158-year-old company
Baku, July 22, AZERTAC
One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work, according to BBC.
KNP - a Northamptonshire transport company - is just one of tens of thousands of UK businesses that have been hit by such attacks.
Big names such as M&S, Co-op and Harrods have all been attacked in recent months. The chief executive of Co-op confirmed last week that all 6.5 million of its members had had their data stolen.
In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems.
KNP director Paul Abbott says he hasn't told the employee that their compromised password most likely led to the destruction of the company.
"Would you want to know if it was you?" he asks.
"We need organisations to take steps to secure their systems, to secure their businesses," says Richard Horne CEO of the National Cyber Security Centre (NCSC) - where Panorama has been given exclusive access to the team battling international ransomware gangs.
In 2023, KNP was running 500 lorries – most under the brand name Knights of Old.
The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.
But a gang of hackers, known as Akira, got into the system leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay.
"If you're reading this it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue," read the ransom note.
The hackers didn't name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m. KNP didn't have that kind of money. In the end all the data was lost, and the company went under.
The National Cyber Security Centre (NCSC) says its goal is "to make the UK the safest place to live and work online". It says it deals with a major attack every day.
The NCSC is part of GCHQ, one of the UK's three main security services alongside MI5 and MI6.
The hackers are not doing anything new, says "Sam" (not his real name), who runs a NCSC team dealing with day-to-day attacks. They are just looking for a weak link, he tells Panorama.
Using intelligence sources, NCSC operatives try to spot attacks and eject hackers from computer systems before they can deploy ransom software.
Statistics are hard to come by because companies don't have to report attacks or if they have paid ransoms. However, there were an estimated 19,000 ransomware attacks on UK businesses last year, according to the government's cyber-security survey.
Industry research suggests the typical UK ransom demand is about £4m and that about a third of companies simply pay up.
Hacking is on the rise because it's such a lucrative crime, says Suzanne Grimmer, who heads a team at the NCA.
Her unit carried out the initial assessment into the M&S hack.
Incidents have almost doubled to about 35-40 a week since she took over the unit two years ago, Ms Grimmer says.
Hacking is becoming easier and some of the tactics don't even involve a computer, like ringing an IT helpdesk to gain access.
This has lowered the barrier for potential attacks says Ms Grimmer: "These criminals are becoming far more able to access tools and services that you don't need a specific technical skill set for."
The M&S hackers broke into the company's system by means of blagging or tricking their way into the system. This caused disruption to shoppers when deliveries were delayed, some shelves were left bare, and customer data was also stolen.
In December 2023, Parliament's Joint Committee on the National Security Strategy warned there was a high risk of a "catastrophic ransomware attack at any moment".
Earlier this year, the National Audit Office produced a report that said the threat to the UK was severe and advancing quickly.
Companies need to "think about cyber-security in all the decisions they make," says Richard Horne at the NCSC.
Babbage says he would also discourage victims from paying ransoms.
"Every victim needs to make their own choice, but it is the paying of ransoms which fuels this crime," he says.
The government has proposed banning public bodies from paying ransoms.
Private companies might have to report ransom attacks and get government permission to pay up.
Back in Northamptonshire, Paul Abbott of KNP now gives talks warning other businesses about the cyber threat.
He thinks companies should have to prove they have up-to-date IT protection - a sort of "cyber-MOT".
"There needs to be rules that make you much more resilient to criminal activity," he says.
However, many companies are just choosing not to report the crime but simply to pay the criminals, says Paul Cashmore, a cyber-specialist brought in by KNP's insurers.
When faced with losing everything, companies give in to the gangs.
"This is organised crime," he says. "I think there is very little progress against catching the perpetrators, but it's devastating."
Other news in this section
