Andi's writeup

A weak employee password led to the collapse of KNP, a 158-year-old British transport company, after hackers from the Akira ransomware group gained access to their systems in 2023[^1]. The attackers encrypted the company's data and left a ransom note stating "If you're reading this, it means the internal infrastructure of your company is fully or partially dead"[^2].

Unable to pay the estimated £5 million ransom demand, KNP lost all its financial records and operational data[^1]. Despite having cybersecurity insurance and industry-standard IT protections, the company went into administration three months after the attack, resulting in 730 job losses[^3].

"We need organisations to take steps to secure their systems, to secure their businesses," said Richard Horne, CEO of the National Cyber Security Centre[^1]. The hackers gained entry through a "brute force" attack by guessing one employee's password - a person who was never told they were the weak link that led to the company's demise[^4].

[^1]: Weak password allowed hackers to sink a 158-year-old company - BBC

[^2]: The Times - My company thrived for 150 years

[^3]: The Straits Times - How a ransomware attack caused a British company to go bust

[^4]: The Times - My company thrived for 150 years