
150 Years and 700+ jobs lost: How a basic security flaw brought a UK logistics company to its knees

  • Writer: Nick Mullen
  • Mar 5

Updated: Mar 11

Knights of Old Group (KNP) was started in 1865. It survived the industrial revolution, two World Wars, Brexit, and COVID. But it couldn't survive a ransomware attack.


Because of a very basic security oversight, attackers gained access to KNP systems and quickly began deploying ransomware across their environment.


“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead.”

- The message the Akira ransomware gang displayed to KNP


KNP's network for managing trucks was down. So was their system for booking payments. And their customer, financial, and operational data was inaccessible - locked behind encryption that they couldn't break. They had backups, but the hackers had accessed those too. Then came the demand - millions of dollars to the ransomware gang in exchange for the decryption keys. Or else.


Because that is how cybercrime typically works. Ultimately, the criminals want to get paid, and they'll take the path of least resistance to make that happen. If they can simply steal your money, they will. And if they can't steal it, they'll try to trick you into giving money to them. But sometimes it's scorched-earth and straight to extortion, leaving your business crippled... unless you fork over huge sums of cash.


But the worst part is that there is no guarantee that paying them will actually solve your problems. Cybercriminals aren't exactly known for honesty or reliability. And even if (and that's a big if) they do what they say they're going to do, you are still stuck trying to decrypt files and get your systems back online. And chances are, you're paying hundreds of dollars an hour to an incident response firm to help. It's a nightmare scenario.


For KNP, the nightmare was turning into reality. Even though they had cyber insurance, that coverage was only for $1 million - a drop in the bucket compared to their losses. And now the cybercriminals were threatening to post all of their sensitive information on the web as well. And KNP had little faith that paying them would actually solve their problems.


The Aftermath

Ultimately, KNP chose not to pay the ransom. And the ransomware gang published over 10,000 internal documents online, including employee payroll files and other pieces of sensitive financial information. KNP worked diligently to recover critical systems but soon found that their suspicions were correct and much of the critical data had been destroyed, not simply encrypted. There was no recovery. And there was no getting "back to business" either.


After 158 years, KNP was shutting their doors and headed for bankruptcy.


So what exactly happened? Well, the belief is that one of their employees had credentials leaked online that were then discovered by the ransomware gang. This put the blood in the water. And once the gang started targeting KNP, they discovered that KNP was susceptible to a brute-force password attack, meaning the cybercriminals could simply keep trying different password combinations until one worked. So they did. And one worked.


Could this have been prevented? Absolutely. And it isn't even a complicated threat to prevent. Brute-force attacks are old-school - old enough that security professionals have been able to protect against them for decades. But KNP was decades behind.
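To make that concrete, here is an added example (not from the original article or from KNP's environment) of the kind of long-established control the paragraph refers to: a sliding-window account lockout that also flags a successful login arriving right after a burst of failures. The log format, account names, addresses, and thresholds are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events: timestamp, account, source IP, outcome.
SAMPLE_EVENTS = """\
2024-01-10T02:00:01 jsmith 203.0.113.7 FAIL
2024-01-10T02:00:03 jsmith 203.0.113.7 FAIL
2024-01-10T02:00:05 jsmith 203.0.113.7 FAIL
2024-01-10T02:00:07 jsmith 203.0.113.7 FAIL
2024-01-10T02:00:09 jsmith 203.0.113.7 FAIL
2024-01-10T02:00:11 jsmith 203.0.113.7 OK
2024-01-10T08:30:00 adavis 198.51.100.4 FAIL
2024-01-10T08:30:20 adavis 198.51.100.4 OK
2024-01-10T09:00:00 mlee 203.0.113.7 FAIL
2024-01-10T09:00:02 mlee 203.0.113.7 FAIL
2024-01-10T09:00:04 mlee 203.0.113.7 FAIL
2024-01-10T09:00:06 mlee 203.0.113.7 OK
"""

# Assumed policy values for illustration; tune them to your environment.
MAX_FAILURES = 5                  # failures inside WINDOW that trigger a lockout
WINDOW = timedelta(minutes=10)    # sliding window for counting failures
LOCKOUT = timedelta(minutes=30)   # how long a locked account rejects logins
REVIEW_AT = 3                     # failures before a success that warrant review

def review_logins(text):
    """Replay events, apply the lockout policy, return (time, account, alert)."""
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    locked_until = {}              # account -> time the lockout ends
    alerts = []
    for line in filter(str.strip, text.splitlines()):
        ts_raw, account, _ip, outcome = line.split()
        ts = datetime.fromisoformat(ts_raw)
        recent = failures[account]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()       # forget failures older than the window
        if ts < locked_until.get(account, datetime.min):
            # Locked: the login is refused even if the password is correct.
            alerts.append((ts_raw, account, "attempt_while_locked"))
        elif outcome == "FAIL":
            recent.append(ts)
            if len(recent) >= MAX_FAILURES:
                locked_until[account] = ts + LOCKOUT
                alerts.append((ts_raw, account, "locked_out"))
        else:
            if len(recent) >= REVIEW_AT:
                alerts.append((ts_raw, account, "success_after_failures"))
            recent.clear()         # a normal success resets the counter
    return alerts
```

On the sample data, the lockout refuses the sixth `jsmith` attempt even though its password is correct, a single mistyped password for `adavis` raises nothing, and the `mlee` login is flagged for review because it succeeded after three quick failures that stayed under the lockout threshold.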


What can you do?

Well, that is the million (or multi-million) dollar question, isn't it?


There are actually a multitude of different tools and techniques to help prevent these types of attacks. In fact, regulations like the FTC Safeguards Rule and NCUA Part 748 explicitly call out implementing controls like multi-factor authentication (MFA) and system monitoring, both of which can aid in preventing or at least detecting this exact scenario. And for security professionals, implementing these solutions is not overly complicated; we have the blueprint for success because this is what we do.


Our advice is to make sure you have a Qualified Individual on board to build and maintain your security program. Not only is it best practice, but it's also a requirement to stay compliant with many security regulations.


Sales pitch incoming...

If you're looking for someone to build and manage your security program, Entoo Security can help. We offer a variety of managed security service options, along with a standalone program for FTC Safeguards Compliance. To learn more, schedule a consultation or contact us directly at sales@entoosecurity.com.
