Hackers Took Advantage Of One Crappy Password To Destroy This 158-Year-Old Company

KNP Logistics — one of England’s largest transportation companies — was completely destroyed by hackers, putting 730 people out of work.

What’s especially galling about this story is that this successful business, founded in 1865, survived two world wars, economic downturns, and countless industry challenges during its 158-year existence. But it couldn’t survive a modern attack targeting one weak, easily guessable password used by a C-level executive.

Over the years, KNP built and maintained a stellar reputation as a reliable logistics provider, with a trucking fleet of over 500 vehicles. Now all their employees are gone, and their delivery trucks sit idle.

Once the hackers got into KNP’s computer system, they encrypted all of the company's data and locked up its internal systems. Every one of the company’s most critical digital assets were gone: their financial systems, customer databases, and all their infrastructure needed for daily operations. Truly a worst-case scenario for any business.

These particular Digital Kleptos demanded a ransom payment equivalent to $2 - $5 million dollars. But KNP simply didn’t have immediate access to that much cash, and since their financial records were encrypted, they couldn’t close a banking deal for emergency funding.

Their only option was to cease operations, instantly putting 730 people out of work.

As a society, we must tell cybersecurity stories more persuasively to a much wider audience.

Businesses of all kinds need to recognize that cybersecurity isn’t just one of many IT issues the technical folks handle — cybersecurity is a foundational business survival requirement.

Could the total destruction of KNP, one of England’s largest transportation companies, have been avoided?

Probably.

If KNP had implemented these basic business cybersecurity policies, the attack might have been avoided altogether:

• Required company-wide use of password managers to create strong, modern passwords.

• Two-factor authentication for critical systems.

• Multiple backups, ideally off-site backups not connected to the network or Internet.

• Careful control of admin rights (access control).

• Regular security assessments and penetration testing.

• Account monitoring to detect suspicious login attempts.

• Privileged Access Management to limit network access for compromised accounts, as well as

• General network segmentation to limit lateral movement.

Here’s an article from the BBC about the hack, and responses from government employees fighting back: https://www.bbc.com/news/articles/cx2gx28815wo

For a far more detailed, technical description of the causes, impacts and potential solutions, follow this link to Breached Company’s analysis: https://breached.company/the-knp-logistics-ransomware-attack-how-one-weak-password-destroyed-a-158-year-old-company/

Or, alternatively, follow this link for a 3-minute BBC segment including interviews with KPN’s CEO and the cyber crisis team that responded to the hack:

Inside the Cyber War: Hackers vs Secret Agents: https://youtu.be/pCdLguYfkvc?feature=shared&t=766

Join us

Weekly resources to help keep you safer online — protecting you from hackers, online scammers, and other Digital Kleptomaniacs™.

No spam. No selling your email. Just factual, actionable information once a week, from people who truly care about online security.  You can unsubscribe any time — but we hope you’ll want to stay with us on this journey.

Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.

Looking forward to connecting again next week.

— Anthony Collette

Digital Kleptos™