One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.
KNP - a Northamptonshire transport company - is just one of tens of thousands of UK businesses that have been hit by such attacks.
In KNP’s case, it’s thought the hackers managed to gain entry to the computer system by guessing an employee’s password, after which they encrypted the company’s data and locked its internal systems.
KNP director Paul Abbott says he hasn’t told the employee that their compromised password most likely led to the destruction of the company.
“Would you want to know if it was you?” he asks.
The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.
But a gang of hackers, known as Akira, got into the system, leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay.
Hacking is becoming easier and some of the tactics don’t even involve a computer, like ringing an IT helpdesk to gain access.
This has lowered the barrier for potential attacks, says Ms Grimmer: “These criminals are becoming far more able to access tools and services that you don’t need a specific technical skill set for.”
I’m really wishing for the increased popularity of passkeys.
Well, that is why you need to have proper disaster recovery plans and cold backups in place. And how can one person’s account destroy a whole company?
Maybe the hackers could have used the hijacked account to ask higher-ups for more access, or maybe the employee had too much access to stuff on their own.
You’d be surprised at how many businesses treated their one and only copy of production data on the live server as their “backup”. No 3-2-1 policy, no care in the world. Until shit happens.
Yeah, but best practices aren’t “industry standards” - which likely means that some dusty old behind the times auditing firm founded in the Victorian era told them every year since 2022 to implement passwords with special characters, and they figured adding an exclamation point to password1234 was super-secure.
If they had implemented 2FA, this wouldn’t be an issue at all. If they had not given too many accounts probably admin access “because the CEO wants to be able to see all the files” or something, this likely wouldn’t be an issue. If they had backups…like, what are these people even doing? They should be paying Google to be on GSuite because they’re too incompetent to be running this themselves.