Highlights
- A ransomware attack forced the closure of KNP Logistics, costing 700 jobs.
- Hackers reportedly exploited a weak employee password to access internal systems.
- The Akira ransomware gang is believed to be responsible.
- The company was unable to recover or pay the ransom, leading to full data loss.
- Cybersecurity officials warn that the UK is facing an alarming rise in such attacks.
KNP Logistics, a 158-year-old UK transport firm, has shut down following a devastating cyberattack that exploited a weak employee password. The breach has left 700 employees jobless and resulted in the permanent loss of critical business data, according to a report by the BBC.
The hackers are believed to have accessed KNP's systems by successfully guessing the password of one of its staff members. Once inside, they encrypted the company's data and blocked internal access, demanding a ransom for the decryption key.
KNP’s director, Paul Abbott, confirmed that the attack stemmed from a compromised password, though the individual staff member involved has not been informed. Despite the company having cyber insurance and adhering to industry-standard IT protocols, it was unable to recover from the damage.
“Infrastructure is dead,” ransom note read
The ransomware attack has been attributed to the Akira gang, a known cybercriminal group. Their ransom note read:
"If you're reading this, it means the internal infrastructure of your company is fully or partially dead… Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue."
While the ransom amount was not disclosed, cybersecurity experts estimate it could have been around £5 million. KNP, however, was unable to afford the payment. This led to the complete loss of essential data and, ultimately, the collapse of the business.
KNP operated a fleet of around 500 lorries, primarily under the well-established Knights of Old brand.
Cybercrime on the rise in the UK
The incident has raised renewed concerns over cybersecurity standards in British businesses. Richard Horne, CEO of the National Cyber Security Centre (NCSC), stressed the need for firms to prioritise digital security.
“We need organisations to take steps to secure their systems, to secure their businesses,” he said.
Hackers are increasingly relying on exploiting existing weaknesses, such as poor passwords or system misconfigurations, rather than inventing new attack techniques. Sam, a member of the NCSC’s active threat monitoring team, said attackers regularly scan for organisations with weak cyber defences.
Meanwhile, the NCSC is working to identify and intercept potential attacks before they reach ransomware deployment stages. “Jake” (a pseudonym), who works night shifts at the NCSC, described one such operation:
“You understand the scale of what’s going on, and you want to reduce the harm. It can be thrilling, especially if we’re successful.”
Increasing accessibility of hacking tools
According to Suzanne Grimmer, who leads a cybercrime team at the National Crime Agency (NCA), ransomware attacks are becoming more frequent and accessible. Her unit, which assessed the M&S data breach, has seen weekly incidents nearly double in two years, now reaching 35–40 per week.
Grimmer warned 2025 could become the UK’s worst year on record for ransomware incidents. She noted the rise of “plug-and-play” hacking tools and social engineering tactics, such as fake calls to IT helpdesks, are enabling attackers without advanced technical knowledge to carry out breaches.
Even major brands like M&S, Co-op, and Harrods have recently fallen victim. In Co-op’s case, the personal data of 6.5 million members was stolen.
