In an age of relentless cybercrime, one weak password was all it took to destroy a 158-year-old logistics company and leave 700 employees jobless. The story of KNP Logistics, formerly known as Knights of Old, is a chilling reminder of the growing power of ransomware gangs—and the vulnerabilities of modern businesses.
A Single Breach, Total Collapse
In 2023, KNP operated over 500 trucks across the UK, with industry-compliant IT systems and cyber insurance in place. But those defenses weren’t enough. Hackers—believed to be part of the Akira ransomware gang—gained access by guessing an employee’s password. Once inside, they encrypted all company data and demanded a ransom.
“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead,” read the ransom note. “Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.”
No ransom amount was specified, but specialists estimated the demand at up to £5 million—far more than KNP could afford. With its data irretrievably lost, the company was forced to shut down, sending hundreds into unemployment.
KNP director Paul Abbott has not told the employee believed responsible for the compromised password.
“Would you want to know if it was you?” he asked.
Ransomware in the UK: A Growing Epidemic
KNP is far from an isolated case. High-profile British brands like M&S, Co-op, and Harrods have also suffered major breaches. The Co-op’s CEO recently confirmed that 6.5 million customer records had been stolen in a cyberattack.
According to the UK government’s cybersecurity survey, an estimated 19,000 ransomware attacks targeted UK businesses last year alone. Industry reports put the average ransom demand at £4 million, and one in three companies simply pays up.
Richard Horne, CEO of the National Cyber Security Centre (NCSC), emphasizes:
“We need organisations to take steps to secure their systems, to secure their businesses.”
Inside the Fight: The NCSC and NCA on the Front Lines
The NCSC, part of GCHQ, responds to a major cyberattack every day. With exclusive access granted to the BBC’s Panorama, cybersecurity agents described how they attempt to detect and block hackers before ransom software is deployed.
But the challenge is enormous.
“They’re just constantly finding organisations on a bad day,” says “Sam”, a member of the NCSC’s cyber defense team.
“Part of the problem is there’s a lot of attackers. There’s not that many of us.”
The National Crime Agency (NCA) is tasked with pursuing the criminals. According to Suzanne Grimmer, head of a specialist unit:
“Hacking is on the rise because it’s so lucrative. And it’s easier than ever—sometimes all it takes is a phone call to an IT helpdesk.”
M&S, for instance, was hacked using simple social engineering tactics, leading to disrupted deliveries and customer data theft.
A National Security Threat
Ransomware isn’t just a corporate problem—it’s a national one.
“It’s a national security threat in its own right,” says James Babbage, Director General (Threats) at the NCA. He warns of a new generation of hackers who migrate from online gaming to cybercrime, using dark web tools to lock systems and extort money.
In December 2023, Parliament’s Joint Committee on the National Security Strategy warned of a “catastrophic ransomware attack at any moment.” The National Audit Office later confirmed the threat to the UK is severe and rapidly evolving.
Rethinking Cybersecurity: A “Cyber-MOT” for Businesses?
Paul Abbott now travels the country, urging companies to rethink cybersecurity:
“There needs to be rules that make you much more resilient to criminal activity.”
He envisions a mandatory “cyber-MOT”—a check-up to ensure businesses have up-to-date protections.
But many companies still choose to pay, rather than report the crime.
“This is organised crime,” says Paul Cashmore, a cyber specialist who advised KNP. “There is very little progress in catching the perpetrators, but it’s devastating.”
Final Thoughts: Prevention Is the Only Defense
As ransomware becomes more profitable, more automated, and more socially engineered, the only sustainable strategy is prevention. That means stronger passwords, mandatory two-factor authentication, employee training, and real-time threat monitoring.
Because for many companies, one password is all it takes.
