How a Weak Password Took Down a 158-Year-Old British Company
#image_title
News Co-op Cyber-attacks Cyber-crime Harrods Internet KNP M&S NewDope

How a Weak Password Took Down a 158-Year-Old British Company

Share this post

One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.

KNP - a Northamptonshire transport company - is just one of tens of thousands of UK businesses that have been hit by such attacks.

Big names such as M&S, Co-op and Harrods have all been attacked in recent months. The chief executive of Co-op confirmed last week that all 6.5 million of its members had their data stolen.

In KNP's case, it's thought the hackers managed to gain entry to the computer system by guessing an employee's password, after which they encrypted the company's data and locked its internal systems.

KNP director Paul Abbott says he hasn't told the employee that their compromised password most likely led to the destruction of the company.

"Would you want to know if it was you?" he asks.

"We need organisations to take steps to secure their systems, to secure their businesses," says Richard Horne CEO of the National Cyber Security Centre (NCSC) - where Panorama has been given exclusive access to the team battling international ransomware gangs.

One small mistake

In 2023, KNP was running 500 lorries – most under the brand name Knights of Old.

The company said its IT complied with industry standards and it had taken out insurance against cyber-attack.

But a gang of hackers, known as Akira, got into the system leaving staff unable to access any of the data needed to run the business. The only way to get the data back, said the hackers, was to pay.

Paul Abbott's company KNP was attacked by ransomware hackers

"If you're reading this it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue," read the ransom note.

The hackers didn't name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m. KNP didn't have that kind of money. In the end all the data was lost, and the company went under.

The National Cyber Security Centre (NCSC) says its goal is "to make the UK the safest place to live and work online". It says it deals with a major attack every day.

The NCSC is part of GCHQ, one of the UK's three main security services alongside MI5 and MI6.

The hackers are not doing anything new, says "Sam" (not his real name), who runs a NCSC team dealing with day-to-day attacks. They are just looking for a weak link, he tells Panorama.

"They're just constantly finding organisations on a bad day and then taking advantage of them."

Using intelligence sources, NCSC operatives try to spot attacks and eject hackers from computer systems before they can deploy ransom software.

"Jake" (not his real name) was night duty officer during a recent incident when hackers were stopped.

"You understand the scale of what's going on and you want to reduce the harm," he says. "It can be thrilling, especially if we're successful."

But the NCSC can only provide one layer of protection, and ransomware is a growing and lucrative crime.

"Part of the problem is there's a lot of attackers," says Sam. "There's not that many of us."

Statistics are hard to come by because companies don't have to report attacks or if they have paid ransoms. However, there were an estimated 19,000 ransomware attacks on UK businesses last year, according to the government's cyber-security survey.

Industry research suggests the typical UK ransom demand is about £4m and that about a third of companies simply pay up.

Richard Horne, CEO, National Cyber Security Centre, says companies need to step-up and improve their cybersecurity

"We've seen a wave of criminal cyber-attacks over the last few years," says Richard Horne, the NCSC's CEO. He denies the criminals are winning, but says that companies need to improve their cyber-security.

If prevention doesn't work, another team of officers at the National Crime Agency (NCA) has the job of catching the offenders.

Hacking is on the rise because it's such a lucrative crime, says Suzanne Grimmer, who heads a team NCA.

Her unit carried out the initial assessment into the M&S hack.

Suzanne Grimmer, National Crime Agency, says hacking attacks have almost doubled

Incidents have almost doubled to about 35-40 a week since she took over the unit two years ago, Ms Grimmer says.

"If it continues, I predict it's going to be the worst year on record for ransomware attacks in the UK."

Hacking is becoming easier and some of the tactics don't even involve a computer, like ringing an IT helpdesk to gain access.

This has lowered the barrier for potential attacks says Ms Grimmer: "These criminals are becoming far more able to access tools and services that you don't need a specific technical skill set for."

The M&S hackers broke into the company's system by means of blagging or tricking their way into the system. This caused disruption to shoppers when deliveries were delayed, some shelves were left bare, and customer data was also stolen.

James Babbage, Director General (Threats) at the NCA, says it is the characteristic of a younger generation of hackers, who now are "getting into cybercrime probably through gaming".

James Babbage, Director General (Threats), National Crime Agency, says there is now a new generation of hackers

"They're recognising that their sort of skills can be used to con help desks and the like into getting them access into companies."

Once inside, the hackers can use ransom software, bought on the dark web, to steal data and lock computer systems.

Ransomware is the most significant cyber-crime threat we face, says Mr Babbage.

"It's a national security threat in its own right, both here and throughout the world."

Others have come to the same conclusion.

In December 2023, Parliament's Joint Committee on the National Security Strategy warned there was a high risk of a "catastrophic ransomware attack at any moment".

Earlier this year, the National Audit Office produced a report that said the threat to the UK was severe and advancing quickly.

Companies need to "think about cyber-security in all the decisions they make," says Richard Horne at the NCSC.

Mr Babbage says he would also discourage victims from paying ransoms.

"Every victim needs to make their own choice, but it is the paying of ransoms which fuels this crime," he says.

The government has proposed banning public bodies from paying ransoms.

Private companies might have to report ransom attacks and get government permission to pay up.

Back in Northamptonshire, Paul Abbott of KNP now gives talks warning other businesses about the cyber threat.

He thinks companies should have to prove they have up-to-date IT protection - a sort of "cyber-MOT".

"There needs to be rules that make you much more resilient to criminal activity," he says.

However, many companies are just choosing not to report the crime but simply to pay the criminals, says Paul Cashmore, a cyber-specialist brought in by KNP's insurers.

When faced with losing everything, companies give in to the gangs.

"This is organised crime," he says. "I think there is very little progress against catching the perpetrators, but it's devastating."

Share this post
Written by
O A
Comments

Be the first to know

Join our community and get notified about upcoming stories

Subscribing...
You've been subscribed!
Something went wrong
Louisiana Attorney General Sues Roblox, Calls Platform “Perfect Place for Pedophiles”

Louisiana Attorney General Sues Roblox, Calls Platform “Perfect Place for Pedophiles”

Louisiana’s top prosecutor is suing Roblox, accusing the platform of failing to safeguard children from online predators and referring to it as the “perfect place for pedophiles.” View this post on Instagram A post shared by New Dope (@newdopehq) Attorney General Liz Murrill filed the suit on Thursday in Louisiana’s 21st Judicial District, accusing the Roblox Corporation of recklessly designing its platform without a robust age verification process. According to the 42-page filing, tens
News

O A
Snoop Dogg Becomes Co-Owner of Swansea City AFC
#image_title

Snoop Dogg Becomes Co-Owner of Swansea City AFC

Snoop Dogg is continuing to expand his business portfolio. After teasing his involvement with the Swansea City AFC teams on social media, Snoop is now one of the co-owners of the Welsh soccer team. According to AllHipHop, Snoop and Croatia World Cup finalist Luka Modric each own a minority stake deal with the soccer team. In a statement, Snoop shared his excitement about being a part of the club “My love of football is well known, but it feels special to me that I make my move into club owner
News Football

O A
NBA Roundup: Pistons Extend Win Streak to 7, Heat Win on Buzzer-Beating Alley-Oop

NBA Roundup: Pistons Extend Win Streak to 7, Heat Win on Buzzer-Beating Alley-Oop

Cade Cunningham's triple double, Daniss Jenkins's three-pointer at the buzzer and Javonte Green's overtime dunk lifted Detroit past Washington 137-135 on Monday, stretching the Pistons' win streak to seven games. In an unexpected thriller, the NBA's second-best team barely outlasted a Wizards club that fell to an NBA-worst 1-10 with their ninth consecutive loss. "We knew how big this game was for us," Jenkins said. "We wasn't going to let nothing stop us from getting this W." Cunningham made
NBA

O A
Syria to Join US-Led Coalition Against Islamic State After Trump Meeting

Syria to Join US-Led Coalition Against Islamic State After Trump Meeting

Syria will join the international coalition to combat the Islamic State group, marking a shift in US foreign policy in the Middle East, a senior Trump administration official has confirmed.  The announcement came as President Donald Trump met Syrian President Ahmed al-Sharaa at the White House - the first such visit from a Syrian leader in the country's history. In an interview with Special Report on Fox News, al-Sharaa said the visit was part of a "new era" in which the country would co-opera
News

O A
BBC Chief Tim Davie Resigns After Row Over Trump Documentary

BBC Chief Tim Davie Resigns After Row Over Trump Documentary

The director general of the British Broadcasting Corporation announced his resignation Sunday following a row over the editing of a documentary about US President Donald Trump. Tim Davie and the BBC’s head of news, Deborah Turness, resigned after accusations that a documentary by its flagship Panorama programme edited a speech by Trump in a misleading way. “Like all public organisations, the BBC is not perfect, and we must always be open, transparent and accountable,” Davie said in a statement
News

O A
Listen to the 8 Songs Nominated for the 68th Grammys’ Song of the Year Award

Listen to the 8 Songs Nominated for the 68th Grammys’ Song of the Year Award

The Recording Academy has officially named the 2026 Grammy nominees, and now the world is waiting for February 1st to see who will take home an award during the Los Angeles ceremony. And one of the most highly anticipated categories is the Song of the Year category. Lady Gaga, Doechii, Rosé and Bruno Mars, Bad Bunny, HUNTR/X, Kendrick Lamar and SZA, Sabrina Carpenter, and Billie Eilishare all up for songs that really resonated, ruling the radio and replaying on our playlists all year. From cha
Music

O A