A single weak password was enough for hackers to paralyze KNP Logistics: The data was encrypted, the company went under - and 700 people lost their jobs.

Sven Ziegler

The British company KNP Logistics fell victim to a ransomware attack and filed for bankruptcy.

According to a BBC report, the cause was a guessed password that allowed access to the network.

Around 700 employees lost their jobs and the damage is estimated at millions.

A traditional company with a 158-year history no longer exists: KNP Logistics from Kettering in England fell victim to a serious ransomware attack in 2023, which the BBC has now revisited in a report.

The hackers gained access to the internal company network via a weak password, paralyzed all systems and encrypted all data.

The ransom note stated: "If you are reading this, your IT infrastructure is dead." According to estimates, the sum demanded was around five million pounds - too much for the medium-sized company.

Operations came to a standstill, and there were no external backups or functioning emergency plans.

Too few strong passwords

The parent company Knights of Old, which had been in the logistics business for 158 years, had to close down and around 700 employees lost their jobs. The attack has since been attributed to the notorious Akira Group.

IT security experts criticize the management for not putting enough emphasis on strong passwords, multi-factor authentication and clear guidelines. The case shows how fatal small security gaps can be.

The British National Cyber Security Centre (NCSC) warns: "Attacks like this happen every day - often a single vulnerability is enough to destroy an entire company."

One password can bring down an entire company

"Would you want to know that your password might have destroyed everything?" asks KNP Director Paul Abbott in retrospect. From an expert's point of view, however, the fault did not lie with a single person. "There was a lack of strong password guidelines, multi-factor authentication and external backups," criticizes the British NCSC.

KNP Director Abbott is now giving lectures on the lessons learned from the disaster. His proposal: a kind of "cyber certificate" for companies to regularly prove that their systems are protected. After all, as the KNP case shows, even a weak password can bring down an entire company.

