Firewall Daily

158‑Year‑Old UK Logistics Firm Collapses After Cyberattack

A cyberattack on KNP Logistics has forced the closure of the 158‑year‑old UK transport company, leaving approximately 700 staff without jobs. The breach, reportedly traced to the notorious Akira ransomware gang, stemmed from a single weak password, which hackers used to infiltrate systems, encrypt data, and effectively shut down operations. 

KNP Logistics Group, trading under the historic Knights of Old brand, operated a fleet of around 500 lorries and employed over 900 people across multiple depots. Despite standard cybersecurity measures and insurance in place, KNP could not recover from the cyberattack. 

Decoding the Cyberattack on KNP Logistics

The attackers accessed the KNP Logistics network by guessing an employee’s password, exploiting weak credentials and a lack of multi-factor authentication. A ransom note left by the Akira ransomware gang ominously stated: 

“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead…Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.” Although note did not name a specific ransom, cybersecurity negotiators estimated a demand of up to £5 million. Unable to meet these terms, KNP accepted total data loss and entered administration in September 2023, leading to 730 redundancies, with only 170 jobs preserved through a sale of Nelson Distribution, reported the BBC. 

KNP’s former co-owner, Paul Abbott, later revealed that the breach began with a brute-force attack against a single weak password. He noted that although the company had taken precautions like cybersecurity insurance, the lack of multi-factor authentication left them vulnerable. Even though they had backups and alternative workflows, the attackers destroyed critical financial records, preventing KNP from securing bridging loans or undergoing a viable sale. 

Broader UK Cyber Context

The KNP Logistics cyberattack is part of a troubling surge in high-profile cyber incidents across the UK in 2025. Notable cases include: 

These incidents have caused service disruptions, supply chain breakdowns, and compromised customer data, highlighting systemic vulnerabilities. The UK’s National Cyber Security Centre (NCSC) has made multiple advisories urging businesses, large and small, to upgrade defenses.

Conclusion

Despite having a £1 million cyber insurance policy, KNP was unable to recover, revealing the limitations of relying solely on insurance for cyber resilience. The company’s compromised backups further exposed flaws in its recovery planning.

Additionally, the lack of early visibility and transparency during the crisis reflects a broader issue, as many ransomware incidents go unreported. In response, the NCSC advises better cybersecurity measures, including network segmentation, regular patching, user education, and enhanced monitoring.

The collapse of this 158-year-old firm demonstrates that even long-standing enterprises can be brought down by basic security failures, and that proactive, layered defenses are now essential for survival.

Ashish Khaitan

Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.

Recent Posts

AI Cyber Attacks Emerge as Biggest Threat to Indian Banking: RBI

The report noted that cyber risk has become a major financial stability concern as India's financial ecosystem becomes increasingly digital…

4 hours ago

Apple Security Update Patches 30+ Vulnerabilities in iOS 26.5.2

Apple said the flaws were addressed through improved memory management, input validation, bounds checking, and stronger security origin tracking.

1 day ago

Ukraine Makes History With First $8.3M Seized Crypto Transfer to ARMA

ARMA said receiving the cryptocurrency marks an important step in the evolution of Ukraine's asset management system.

1 day ago

U.S. Seizes Nearly 400 Illegal FIFA World Cup Streaming Domains

The domain seizure operation was coordinated with international partners through the International Computer Hacking and Intellectual Property (ICHIP) Network.

1 day ago

Operation Endgame Disrupts SocGholish, StealC Malware Networks

The operation forms part of Operation Endgame, described by Europol as the largest international initiative to disrupt ransomware enablers worldwide.

2 days ago

UAE Cybersecurity Council Calls for Stronger Digital Footprint Protection

The UAE Cybersecurity Council shares cybersecurity best practices to help users secure digital footprints and reduce cyberattack risks.

2 days ago

This website uses cookies. By continuing to use this website you are giving consent to cookies being used.

Read More