A cyberattack on KNP Logistics has forced the closure of the 158‑year‑old UK transport company, leaving approximately 700 staff without jobs. The breach, reportedly traced to the notorious Akira ransomware gang, stemmed from a single weak password, which hackers used to infiltrate systems, encrypt data, and effectively shut down operations.
KNP Logistics Group, trading under the historic Knights of Old brand, operated a fleet of around 500 lorries and employed over 900 people across multiple depots. Despite standard cybersecurity measures and insurance in place, KNP could not recover from the cyberattack.
Decoding the Cyberattack on KNP Logistics
The attackers accessed the KNP Logistics network by guessing an employee’s password, exploiting weak credentials and a lack of multi-factor authentication. A ransom note left by the Akira ransomware gang ominously stated:
“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead…Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.” Although note did not name a specific ransom, cybersecurity negotiators estimated a demand of up to £5 million. Unable to meet these terms, KNP accepted total data loss and entered administration in September 2023, leading to 730 redundancies, with only 170 jobs preserved through a sale of Nelson Distribution, reported the BBC.
KNP’s former co-owner, Paul Abbott, later revealed that the breach began with a brute-force attack against a single weak password. He noted that although the company had taken precautions like cybersecurity insurance, the lack of multi-factor authentication left them vulnerable. Even though they had backups and alternative workflows, the attackers destroyed critical financial records, preventing KNP from securing bridging loans or undergoing a viable sale.
Broader UK Cyber Context
The KNP Logistics cyberattack is part of a troubling surge in high-profile cyber incidents across the UK in 2025. Notable cases include:
- The Marks & Spencer cyberattack
- Co-op, which experienced a breach affecting member data
- Peter Green Chilled, a major supermarket supplier hit by ransomware
- Pearson, which suffered a data breach in May
- National Defense Corporation, which lost 4.2 TB of data in a March ransomware incident
These incidents have caused service disruptions, supply chain breakdowns, and compromised customer data, highlighting systemic vulnerabilities. The UK’s National Cyber Security Centre (NCSC) has made multiple advisories urging businesses, large and small, to upgrade defenses.
Conclusion
Despite having a £1 million cyber insurance policy, KNP was unable to recover, revealing the limitations of relying solely on insurance for cyber resilience. The company’s compromised backups further exposed flaws in its recovery planning.
Additionally, the lack of early visibility and transparency during the crisis reflects a broader issue, as many ransomware incidents go unreported. In response, the NCSC advises better cybersecurity measures, including network segmentation, regular patching, user education, and enhanced monitoring.
The collapse of this 158-year-old firm demonstrates that even long-standing enterprises can be brought down by basic security failures, and that proactive, layered defenses are now essential for survival.
