It may just be a recurring nightmare for me, but one employee's weak password has led to the closure of an entire company. According to the BBC, that's all it took to take down a 158-year-old transportation firm in the United Kingdom: the password was merely guessed, granting criminals access to the company's systems back in 2023.
It seems the unnamed employee chose the password equivalent of a wet paper bag, which has now left around 700 people without jobs. That's the current story around the closure of Knights of Old, a Northamptonshire transport company owned by KNP.
Reports say that after accessing the systems, the hackers encrypted and locked integral operational data and systems, and then demanded a ransom for their return. The attack is likely the work of the Akira ransomware-as-a-service group. All in all, it's a pretty standard affair for a ransomware attack. Even the demanded fee, estimated at up to £5 million, is in line with attacks of this nature.
“If you're reading this it means the internal infrastructure of your company is fully or partially dead… Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue,” reads the ransom note, according to the BBC report.
Shared passwords or admin rights where they shouldn’t be could lead to this exact situation where the backups are compromised and then the primary copy is ruined on purpose by the attackers.
James Clifford, Pro IT Consulting
"Store backups in an appropriate location that is environmentally protected, physically distinct from the source data in order to prevent total data loss, and securely accessed for maintenance purposes" reads the
There's so much to this story that I reached out to a local cybersecurity expert, James Clifford, who's also the director of his own company, Pro IT Consulting, to ask some questions. I wanted to know how likely it was that a company this large could be taken out by a single cyber attack, especially given everything appeared to be up to code. The answer seems to be—more likely than you think.
"A 700 vehicle transport company probably only had 20-50 admin staff with limited technology exposure. Shared passwords or admin rights where they shouldn’t be could lead to this exact situation where the backups are compromised and then the primary copy is ruined on purpose by the attackers," explains Clifford. "At the very least it should have taken MFA bypass and work by the attacker to get the admin rights needed to delete backups."
But if a shared password wasn't the culprit, even a previous login from an admin could have been enough to take down KNP. "If it was a Windows network then just having an admin previously logged in to a machine with admin rights can be enough to have those admin rights stolen, which means losing a password becomes only a step away from giving up admin rights to everything."
This brought me to the backups that should have been in place, including those completely isolated from the system. Clifford explained that backups often don't go the way we hope in the security space. They're easy to corrupt, aren't often tested enough, and are generally not done properly due to misinterpretations of the rules. But, as it turns out, criminals are also just really clever.
"Should they (KNP) have been more careful, yes," Clifford said, agreeing with the importance of good backup procedures and security hygiene, before adding, "But without the details of what the attackers did it is hard to be too critical. I’ve heard cases where the attackers sucked in staff with potential job offers and got them to run code as part of a “test” and then the attackers had all they needed to do a lot of damage."
And even isolated backups aren't enough in the case of really savvy hackers, as Clifford explains: "If they (KNP) had isolated backups that might have got them back, but you have to connect them to get new backups which is when attackers can ruin them. So you get a backup that isn’t useful if they are stealthy during the setup phase of the attack.
"Then when the attackers are sure they have ruined your recovery capability, they kick off the ransomware. Then you are a bit stuffed because your isolated copies aren’t helpful and you probably haven’t tested them in a year or more because it is hard and expensive."
Whether it's a misunderstanding about security procedures, really crafty criminals, or actual incompetence is unclear, but Clifford didn't seem too surprised by all this. "Lots of mainstream stuff misses some of the basics," he said, adding, "The story suggests a lack of MFA which refutes the 'we take security seriously' narrative that is so common."
The other interesting thing to note about the UK is they are still working to tighten up their cyber laws. There remain gaps in practices and regulation that allow exploits to continue to happen.
James Babbage, Director General (Threats) at the NCA, told the BBC that these crimes have the hallmarks of the next generation of hackers, who have started "getting into cybercrime probably through gaming," adding, "They're recognising that their sort of skills can be used to con help desks and the like into getting them access into companies."
It's a good time to remind folks that gaming can lead to the inverse of hacking skills. I would have basically no clue how to hack a system, but I've lost 100s of hours in save files enough times now, so my backup skills are fairly solid. Who knows, if a few more CEOs and security professionals knew the pain of losing their favourite Skyrim save, maybe this never would have happened.