One weak password brought down a 158-year-old company

Shawn Knight

In a nutshell: The 158-year-old firm had roughly 700 employees on its payroll and had industry-standard security measures in place, including insurance against cyberattacks. But when a group of hackers managed to break into its systems by guessing an employee's password and encrypted all of its data, it was the end of the line for the trucking company.

A business is only as strong as its weakest link, and when that weak point happens to be an employee's easy-to-guess password, the outcome can be devastating. Such was the case for KNP, a transport company that operated around 500 big rigs out of Northamptonshire.

The attackers didn't say how much they wanted for the decryption key, but a specialist firm estimated it might cost KNP as much as five million pounds. Even with insurance, that was more than the company could pay. Ultimately, KNP shut down and hundreds of people were put out of a job.

KNP director Paul Abbott told the BBC that he never told the employee with the weak password that their compromised credentials led to the company's downfall. "Would you want to know if it was you?" he questioned.

Stories like KNP's are more commonplace than you might realize. Cybercriminals like those that hit KNP simply look for weak links in security. "They're just constantly finding organizations on a bad day and then taking advantage of them," a National Cyber Security Centre team member named "Sam" (not his real name) said.

Part of the problem, Sam added, is that there are a lot of attackers. According to the UK government's cyber-security survey, there were an estimated 19,000 ransomware attacks on local businesses last year. The average ransom is around four million pounds and around one in three companies simply pay up to keep the ship afloat.

Despite multiple layers of protection, the problem is only growing. Suzanne Grimmer, who runs a team at the National Crime Agency, said the number of attacks has nearly doubled over the past two years. "If it continues, I predict it's going to be the worst year on record for ransomware attacks in the UK," Grimmer added.

As for Abbott, he now spends his time warning other companies about the dangers posed by cybercriminals.

Image credit: Jason Mitrione, FlyD

The only area where we really need AI is security, and to track down those bastards, because it is no longer possible to do manually.
 
They may have had industrial security, but if 1 weak password brought down the company it sounds like they didn't have 2FA in place or enabled. This is one of the reasons 2FA exists, so a weak password doesn't compromise the whole system.
 
Pulling the plug and restoring from the most recent backup, then spending a few days firefighting, was too much effort, I guess.
My best guess is that the hackers somehow compromised the backups too. Otherwise the ransom is too much money.

But I do wonder how this was done, because backups being deleted or destroyed is semi-terrifying.
 
I wonder if there's more to this story. Ultimately their value is in hauling goods from place to place, and they still had trucks, truckers, and customers who knew about them even if they no longer had their numbers. Even if the situation required starting from literally zero records it feels like the current and future could be re-established with consequences short of losing the entire company.
 
My best guess is that the hackers somehow compromised the backups too. Otherwise the ransom is too much money.

But I do wonder how this was done, because backups being deleted or destroyed is semi-terrifying.
I've been sent to an emergency before. They weren't a client, but they contacted us for emergency help as we were a close IT firm, and they had their backups stored on a local NAS that replicated to an offsite NAS.

But both sites were flat networks and security didn't really exist anywhere in the setup: the domain administrator account was used for access to the NAS shares, for example, and that's the same account the backup software used to access everything.

Once the hackers got hold of that password, they deleted everything they could from the backups.

What was interesting, though, and the reason I bring it up here (I didn't want to name Synology, but it's worth putting out, and apparently this is fixed in newer firmware releases): on the firmware this company was on, the hackers had logged into the NASes with some engineering account and completely hard reset both NASes.

That didn't delete the data on the drives. I was able to set the NASes up again; they discovered the existing RAID and put themselves back together. The hackers did a poor job of deleting the backups: they logged into the software (Veeam) and deleted the backup jobs etc., but didn't check that Veeam had actually deleted the data, which, luckily for me, it hadn't. Then I just restored everything to a new Azure environment that was actually locked down.