News 158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayab...

I feel something is missing from this story.
I don't see why a Company that employs 700 people and obviously has a large number of assets, would not be able to raise $6 million USD and instead choose to collapse.
 
I feel something is missing from this story.
I don't see why a Company that employs 700 people and obviously has a large number of assets, would not be able to raise $6 million USD and instead choose to collapse.
Something like an insurance fraud type of deal? That could be nasty.
 
I feel something is missing from this story.
I don't see why a Company that employs 700 people and obviously has a large number of assets, would not be able to raise $6 million USD and instead choose to collapse.
Ya, it makes no sense as you can hobble along without your data, rebuild. There is absolutely something happening at that company they don't want people to know about. Also the claim that a random employee's password was guessed AND he had full access to everything? The biggest issue with ransomware is that they usually install something, it's very rare that they try to hack a password. I hope the authorities investigate as it sounds like some shady stuff
 
There are definitely some things missing from this story. For one, was the company already on the brink of collapse? Ransomware gangs research companies' finances and tend to base their ransom demand somewhat accordingly -- often around 3% of annual revenue. Even if it's higher, a trucking company won't have huge legal fees and fines due to a sprawling sensitive data breach like say a financial institution or hospital would. And heck, I know it might be difficult to go to the bank to get a loan to pay a ransomware extortion, but it could/would be framed instead as one to simply cover operational or capital costs?

No data backups though... yeah, that's a crime in itself.

I fully appreciate not wanting to reward cybercriminals for an act like this -- I'm a big proponent of not paying unless absolutely necessary (no data backups would be one case). My heart goes out to all those who lost their job literally overnight. Hopefully the company's leadership will both help employees find jobs as well as coordinate with other trucking companies to somewhat transfer contracts and relationships to other logistics companies. In times like this, there's almost always orgs that step up and say "please apply here."

As for Akira, yeah, they're a nasty one. VMware ESXi environments tend to get targeted as in the past, they couldn't run EDR and many other popular security tools due to how VMware had it locked down and also naturally being a bare-metal hypervisor. I think that's started to change recently by enhancing support for third-party integrations, but too little too late IMO!
 
...The biggest issue with ransomware is that they usually install something, it's very rare that they try to hack a password. I hope the authorities investigate as it sounds like some shady stuff
I wouldn't say it's rare that they try to crack a password; they have several different means available besides pure-guessing brute force, such as dictionary attacks, password spraying, and credential stuffing. There's usually an account that's compromised that results in further attempts to move laterally and acquire elevated permissions i.e. admin. Even if malware begins the process of remote access and persistence, higher-privilege accounts need to be compromised to provide the most effective result of the attack.

Passwords are the single biggest drag on computer security. Most data breaches involve at least one compromised account [password] along the way, including whether MFA is enabled (could be MFA bombing, phishing that intercepts MFA credentials, session token theft, etc.).
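The post above distinguishes password spraying (many accounts, one or two guesses each) from classic brute force (one account, many guesses). From the defender's side the two leave different footprints in authentication logs, and the distinction matters because the spraying pattern slips under per-account lockout thresholds. The following is an added example written for this thread, not code from the article or from any product mentioned; the log format, the constructed sample lines, the source addresses and the thresholds are all assumptions chosen for illustration.

```python
"""Classify authentication sources as password spraying or single-account brute force.

Added example, not from the thread. Log format (assumed, constructed):
    <ISO timestamp> <source_ip> <username> <SUCCESS|FAIL>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). 203.0.113.7 tries one guess
# against many accounts and eventually lands on one; 198.51.100.4 hammers a
# single account; 192.0.2.9 is a normal login.
SAMPLE_LOG = """\
2023-09-20T08:00:01 203.0.113.7 alice FAIL
2023-09-20T08:00:03 203.0.113.7 bob FAIL
2023-09-20T08:00:05 203.0.113.7 carol FAIL
2023-09-20T08:00:07 203.0.113.7 dave FAIL
2023-09-20T08:00:09 203.0.113.7 erin FAIL
2023-09-20T08:00:11 203.0.113.7 frank SUCCESS
2023-09-20T08:05:00 198.51.100.4 alice FAIL
2023-09-20T08:05:10 198.51.100.4 alice FAIL
2023-09-20T08:05:20 198.51.100.4 alice FAIL
2023-09-20T08:05:30 198.51.100.4 alice FAIL
2023-09-20T08:05:40 198.51.100.4 alice FAIL
2023-09-20T09:00:00 192.0.2.9 grace SUCCESS
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def classify_sources(events, window=timedelta(minutes=10), min_users=5, min_attempts=5):
    """Return {ip: finding} for sources whose failures within `window` look like
    spraying (>= min_users distinct accounts) or brute force (>= min_attempts
    failures against one account). A success from the same source inside the
    window is reported as a likely compromised account.
    """
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[3] == "FAIL"]
        for t0, _, _, _ in fails:  # slide the window over each failure start
            win = [e for e in fails if t0 <= e[0] <= t0 + window]
            users = {e[2] for e in win}
            if len(users) >= min_users:
                kind = "spray"
            elif len(win) >= min_attempts and len(users) == 1:
                kind = "brute_force"
            else:
                continue
            successes = sorted({e[2] for e in evs
                                if e[3] == "SUCCESS" and t0 <= e[0] <= t0 + window})
            findings[ip] = {"kind": kind,
                            "targeted_accounts": sorted(users),
                            "successes_in_window": successes}
            break  # one finding per source is enough for alerting
    return findings


if __name__ == "__main__":
    for ip, f in classify_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, f)
```

The spraying source never trips a per-account threshold (one failure per account), which is why the check keys on distinct usernames per source rather than failures per user; a success from a source that was just spraying is the signal that an account is now in someone else's hands and is worth an immediate response regardless of whether MFA is in place.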
 
I'd say multiple things failed here. The password yes, but also a lack of a backup and disaster recovery plan.

The truth is: Small Businesses should NOT do their own IT. They should outsource to a large, well-resourced IT consultancy. For one thing, the IT consultancy should be more likely to make sure everything is done right - proper backups and DR, proper passwords, proper intrusion detection, proper firewalls and VPNs, etc.

But, also, if they screw up, then the small business has someone to sue for damages. Right now, Knights of Old was left holding the bag, with no one to sue other than the criminals who will likely never be found, and even if they are identified, are probably in a foreign jurisdiction well beyond the reach of UK law.

It's true that a small business will have to pay some real money for the IT consultancy to do all this for them. Cost of business. Instead, they are paying the cost of going out of business.
 
And that was not a proper full backup routine.

Offline or otherwise inaccessible is the 3rd state of backups.
^ Exactly. If an individual or org doesn't have an offline backup, all those warm backups are effectively more like redundant data.

The 3-2-1 backup strategy has been around forever and is proven effective:

It can be enhanced but serves as a pretty good bare-minimum.

As for small businesses not having internal IT: this depends on a lot of things, from employee count, to nature of the business. Very small businesses should have everything outsourced, yes. MSPs do a great job from a single-person business owner to servicing companies with hundreds of thousands of employees and billions of dollars in annual revenue.

Now, things get trickier when looking somewhere in between small and medium-sized businesses: the age-old question of "[when] are we big enough to hire our own in-house IT staff?" and from there, the right growth points to hire additional internal IT pros and what roles, talent, and curiosities (e.g. cybersecurity curiosities) to hire. It's also tricky getting ones with decent security credentials as they are going to be more in-demand OR too specialized for SMBs.
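The two posts above make the point that warm replicas reachable with the same credentials as production are not really backups, and that the 3-2-1 rule (three copies, on two media types, one off-site) only holds up against ransomware when one of those copies is offline or otherwise unreachable. Below is an added example written for this thread, not code from the article or from any backup product; it audits a constructed backup inventory against those requirements. The inventory format, the site names and the `BackupCopy` fields are assumptions.

```python
"""Audit a backup inventory against 3-2-1 plus the offline-copy requirement.

Added example, not from the thread. The inventory lists every copy of the data,
including the live production copy, which is the usual way 3-2-1 is counted.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str       # assumed values, e.g. "disk", "tape", "object-storage"
    location: str    # site identifier; compared against the production site
    offline: bool    # air-gapped, immutable, or unreachable with production credentials


def audit_3_2_1(copies, production_site):
    """Return a list of violated requirements; an empty list means compliant."""
    issues = []
    if len(copies) < 3:
        issues.append(f"only {len(copies)} copies, need at least 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        issues.append(f"only {len(media)} media type(s) ({', '.join(sorted(media))}), need 2")
    if not any(c.location != production_site for c in copies):
        issues.append(f"no copy outside the production site '{production_site}'")
    # The extra rule from the thread: without an offline/immutable copy, an
    # attacker holding domain credentials can encrypt every warm copy too.
    if not any(c.offline for c in copies):
        issues.append("no offline or immutable copy; all copies are reachable from production")
    return issues


# Constructed inventories (not real environments).
WARM_ONLY = [
    BackupCopy("prod-san", "disk", "hq", offline=False),
    BackupCopy("nightly-nas", "disk", "hq", offline=False),
    BackupCopy("dr-replica", "disk", "dr-site", offline=False),
]

WITH_OFFLINE = [
    BackupCopy("prod-san", "disk", "hq", offline=False),
    BackupCopy("nightly-nas", "disk", "hq", offline=False),
    BackupCopy("weekly-tape", "tape", "offsite-vault", offline=True),
]


if __name__ == "__main__":
    for label, inv in (("warm replicas only", WARM_ONLY), ("with offline tape", WITH_OFFLINE)):
        print(label, "->", audit_3_2_1(inv, "hq") or "compliant")
```

The warm-only inventory passes the plain copy count and the off-site check (a DR replica counts as off-site) yet still fails, which is the poster's point: replication protects against hardware loss, not against an attacker who holds the credentials that the replication itself uses.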
 
I've got NO sympathy for companies that this happens to. There is no excuse to allow this to happen and while yes, that one employee whose password got hacked, that's fully on the company for not enforcing a complex password requirement with regular password changes. There's no reason why a compromised password was still active for longer than 90 days, and there's no reason a simple user password has that level of access to critical company data; especially when companies like Microsoft REQUIRE multi-factor authentication in order to DO ANYTHING! So yeah...if this company...this 158-year company fails due to this, then it deserves to die. They were not adding value anyways.
 
that's fully on the company for not enforcing a complex password requirement with regular password changes.
Eh, stupid complexity rules and expire requirements haven't been best practice for a while, since it leads to users choosing less secure passwords. Proper MFA and zero-trust networking setup, please.

and there's no reason a simple user password has that level of access to critical company data
Transport company. Probably running a bunch of old systems (that obviously shouldn't have been exposed, but hey - this is the real world). Infection, lateral movement, use whatever tricks of the trade to escalate privilege.

So yeah...if this company...this 158 year company fails due to this, then it deserves to die.
I hope you have the same attitude when somebody gets into your network.
 
I've got NO sympathy for companies that this happens to. There is no excuse to allow this to happen and while yes, that one employee whose password got hacked, that's fully on the company for not enforcing a complex password requirement with regular password changes. There's no reason why a compromised password was still active for longer than 90 days, and there's no reason a simple user password has that level of access to critical company data; especially when companies like Microsoft REQUIRE multi-factor authentication in order to DO ANYTHING! So yeah...if this company...this 158-year company fails due to this, then it deserves to die. They were not adding value anyways.
More complicated systems have been hacked; nothing is bulletproof in cybersecurity.
 
There is more to this story: https://www.bbc.com/news/uk-england-northamptonshire-66927965

KNP Logistics Group was formed in 2016 when Knights of Old merged with Derby-based Nelson Distribution Limited, including Isle of Wight-based Steve Porter Transport Limited and Merlin Supply Chain Solutions Limited, located in Islip and Luton.
All but 170 of the group's employees have been made redundant, with the exception of Nelson Distribution Limited - which has been sold - and a small group of staff retained to assist in the winding-down of its operations.
Knights of Old started out as a single horse and cart in 1865 and is one of the UK's largest privately owned logistics companies.

"Against a backdrop of challenging market conditions and without being able to secure urgent investment due to the attack, the business was unable to continue. We will support all affected staff through this difficult time."

Sounds to me like they were taken over, stripped of their assets and moved into a different company, and now due to a "super unfortunate cyber attack" thrown to the curb.

They had 500 trucks according to the article, that alone has a value of what, $250 million USD? There's no way they were unable to secure capital to keep operating...
 
This makes no sense whatsoever. Why would a hacker group destroy a company, rather than request whatever little ransom the company could safely afford? Sounds more like an excuse to me.