Northamptonshire, UK – KNP Logistics Group, a venerable 158-year-old British transport company, ceased operations in 2023 following a devastating ransomware attack by the Akira group, resulting in the loss of 700 jobs. The attack, which encrypted all company data and backups, exploited a single account lacking multi-factor authentication, highlighting a critical cybersecurity vulnerability. The incident serves as a stark warning to businesses about the escalating threat of cybercrime.
The collapse of KNP Logistics, which operated under the well-known Knights of Old brand with a fleet of 500 lorries, underscores the fragility of even long-established companies in the face of modern cyber threats. According to the original tweet by Bob Gourley, the company "found that out the hard way in 2023, when the Akira ransomware group found one account that did not have multi-factor authentication and used that as an entry point to their IT." This single point of failure allowed the attackers to paralyze the entire operation.
Once inside KNP's systems, the Akira ransomware group encrypted all critical data and backups, rendering them irrecoverable. The ransom note left by the attackers chillingly stated, "If you're reading this it means the internal infrastructure of your company is fully or partially dead… Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue." While no specific amount was named, specialist negotiation firms estimated the demand could have been as high as £5 million, a sum KNP could not afford.
Akira ransomware, active since March 2023, is known for exploiting vulnerabilities in VPNs and in systems lacking multi-factor authentication (MFA), often using compromised credentials to gain initial access. Once established, the group typically exfiltrates data for double extortion, then encrypts systems and deletes shadow copies to prevent recovery. The FBI, CISA, and Europol have issued advisories highlighting Akira's tactics, which include credential dumping and rapid deployment of encryption.
The KNP incident is not isolated, reflecting a broader trend of rising ransomware attacks in the UK. The National Cyber Security Centre (NCSC) reports dealing with a major attack daily, with approximately 19,000 ransomware attacks on UK businesses last year. Richard Horne, CEO of the NCSC, emphasized the urgent need for organizations to secure their systems. Paul Abbott, a KNP director, now advocates for mandatory "cyber-MOT" audits for businesses to ensure robust IT protection.
The human cost of the attack was profound, with 700 employees losing their livelihoods. Director Paul Abbott revealed the emotional toll, stating he had not informed the employee whose compromised password likely led to the company's destruction, asking, "Would you want to know if it was you?" This highlights the immense pressure and blame associated with cybersecurity failures, even when they stem from systemic vulnerabilities like inadequate MFA.