A cyberattack on KNP Logistics has forced the closure of the 158‑year‑old UK transport company, leaving approximately 700 staff without jobs. The breach, reportedly traced to the notorious Akira ransomware gang, stemmed from a single weak password, which hackers used to infiltrate systems, encrypt data, and effectively shut down operations.
KNP Logistics Group, trading under the historic Knights of Old brand, operated a fleet of around 500 lorries and employed over 900 people across multiple depots. Despite standard cybersecurity measures and insurance in place, KNP could not recover from the cyberattack.
The attackers accessed the KNP Logistics network by guessing an employee’s password, exploiting weak credentials and a lack of multi-factor authentication. A ransom note left by the Akira ransomware gang ominously stated:
“If you’re reading this, it means the internal infrastructure of your company is fully or partially dead…Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue.” Although note did not name a specific ransom, cybersecurity negotiators estimated a demand of up to £5 million. Unable to meet these terms, KNP accepted total data loss and entered administration in September 2023, leading to 730 redundancies, with only 170 jobs preserved through a sale of Nelson Distribution, reported the BBC.
KNP’s former co-owner, Paul Abbott, later revealed that the breach began with a brute-force attack against a single weak password. He noted that although the company had taken precautions like cybersecurity insurance, the lack of multi-factor authentication left them vulnerable. Even though they had backups and alternative workflows, the attackers destroyed critical financial records, preventing KNP from securing bridging loans or undergoing a viable sale.
The KNP Logistics cyberattack is part of a troubling surge in high-profile cyber incidents across the UK in 2025. Notable cases include:
These incidents have caused service disruptions, supply chain breakdowns, and compromised customer data, highlighting systemic vulnerabilities. The UK’s National Cyber Security Centre (NCSC) has made multiple advisories urging businesses, large and small, to upgrade defenses.
Despite having a £1 million cyber insurance policy, KNP was unable to recover, revealing the limitations of relying solely on insurance for cyber resilience. The company’s compromised backups further exposed flaws in its recovery planning.
Additionally, the lack of early visibility and transparency during the crisis reflects a broader issue, as many ransomware incidents go unreported. In response, the NCSC advises better cybersecurity measures, including network segmentation, regular patching, user education, and enhanced monitoring.
The collapse of this 158-year-old firm demonstrates that even long-standing enterprises can be brought down by basic security failures, and that proactive, layered defenses are now essential for survival.
The operation forms part of Operation Endgame, described by Europol as the largest international initiative to disrupt ransomware enablers worldwide.
The UAE Cybersecurity Council shares cybersecurity best practices to help users secure digital footprints and reduce cyberattack risks.
The MDA hack saw hackers deface the Meerut Development Authority website with pro-Pakistan messages, prompting a police probe and shutdown.
The two men were arrested by the Lincoln Police Department during an ATM jackpotting incident in October 2024.
This weekly roundup covers the Five Eyes AI warning, TfL cyberattack, KDDI breach, Garfield AI legal milestone, and FBI cybercrime…
A threat actor exploited CVE-2026-20245 in Cisco Catalyst SD-WAN Manager to gain root access, steal data, and erase forensic evidence.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More