158 year old Transport Business based in Northamptonshire, KNP, had its internal systems encrypted when a hacker guessed a single employee’s password.
Staff were locked out of vital data. The attackers (reported to be the Akira gang) demanded a ransom. The hackers didn’t name a price, but a specialist ransomware negotiation firm estimated the sum could be as much as £5m.
The business didn’t have that kind of money which resulted in all their data being lost, the company went under and 700 people lost their jobs.
Why this matters: ransomware is a business-survival risk
Ransomware attacks are no longer a niche cybercrime. Criminal gangs target the weakest link, which is often human error and use off-the-shelf ransomware tools sold on the darknet. The result can be encrypted systems, stolen customer data, operational shutdowns and impossible ransom demands. For firms without resilient backups or an incident response plan, the consequences can be serious: pay or go bankrupt.
Summary of what happened to KNP
- A single compromised password reportedly allowed initial access.
- Attackers encrypted core operational data and locked internal systems.
- The ransom demand was reportedly beyond the company’s means.
- No practical means to recover led to permanent closure.
What Can Your Business Learn from this Cyber Hack?
- Force strong authentication: Enforce multi-factor authentication (MFA) across all user accounts, especially remote access and admin accounts.
- Inventory & segmentation: Map critical systems and put network segmentation in place so a single compromised credential doesn’t give access to everything.
- Backups that prove they work: Keep immutable, offsite backups and run restore drills quarterly. If you can’t restore in a test, you don’t have a backup.
- Least privilege & password hygiene: Remove admin rights where not needed. Enforce unique, complex passwords or a managed SSO solution.
- Incident response plan: Build and rehearse a plan that covers isolation, forensics, legal and communications. Everyone should know their role.
- Vendor & third-party checks: Supply-chain and vendor access are common attack paths — audit and restrict them.
- Insurance policy: Understand what your policy covers, how it can help during an attack or ransom and how to interact with law enforcement.
- Employee training & simulations: Regular phishing and social engineering simulations for all staff to identify those who have less knowledge and educate those who may need it.
Should victims pay ransoms? Paying can speed recovery but it fuels criminal activity and offers no guarantee. The National Crime Agency discourages payment where possible.
Can insurance stop this? Insurance helps financially. Backups, segmentation and processes support ith the recovery and prevention of hacking.
How confident are you about your cyber insurance?
You may have Cyber insurance covered in your business insurance but more often than not, business owners are finding out this isn’t enough cover for their business. Whether it’s a separate policy, an additional level of cover within another policy or just included in your business insurance policy, we’ll conduct a free review!
We will review your levels of cover and make you aware of other types of cover that are available. Don’t leave it too late – in 2024, around 2,000 cyber attacks were attempted every day on UK businesses.
Call us on 01234 268818 or complete our contact form and we’ll be in touch as soon as possible.