
The tangible repercussions of a cyber attack have come to light as administrators of KNP Logistics Group, a haulage company based in Kettering, disclosed that a ransomware attack in June 2023 played a significant role in the company’s insolvency declaration on Monday.

One of the joint administrators is quoted in the local press as saying “Despite being one of the UK’s largest privately owned logistics groups, KNP fell victim to a ransomware attack earlier this year that caused significant disruption. Against a backdrop of challenging market conditions and without being able to secure urgent investment due to the attack, the business was unable to continue.”

 

How were they Attacked?

It appears that KNP Logistics was a victim of Akira, a relatively new type of ransomware that first came to public attention in March this year. The ransomware group infiltrates corporate networks and exfiltrates data; once they believe they have stolen enough information, they trigger the ransomware’s encryption routine and extort payment from the victim.

In May, it was discovered that Akira targeted compromised Cisco VPNs to breach corporate networks without requiring access through backdoors or setting up persistence mechanisms. According to Bleeping Computer, the hackers were able to access Cisco VPN accounts that lacked multi-factor authentication. The cybercrime group found breached account details and passwords on the dark web, providing them with an easy access point. Once they obtained the account details, the group used legitimate software called RustDesk to gain stealthy remote access to compromised computers. While it is unclear how Akira accessed KNP’s systems, it is highly likely that the hackers used this or a similar method to gain entry.

This incident underscores the devastating impact a cyber attack can have on a company. KNP Logistics, renowned as one of the UK’s largest logistics companies with a reported turnover of around £100 million in 2022, employed over 730 drivers and staff. The incident serves as a wake-up call for companies to prioritise robust security measures and to stay vigilant in regularly updating them.