
The monochrome alert flashing across the screens sent ripples of apprehension through Knights of Old, a 158-year-old delivery business in the UK: “If you’re seeing this, it means the essential infrastructure of your company is wholly or partially compromised.”
Both Knights’ trucking management network and their payment booking system were severely hampered. Operating from 2,000 miles away, a Russian-linked hacking group known as Akira had disrupted the functions of Knights of Old and two affiliated trucking companies. To initiate negotiations, the assailants unleashed malicious software in June 2023, encrypting Knights’ files and threatening to disclose sensitive internal information online. According to Akira, paying a ransom would provide the company with a decryption key to restore access to the affected computers and servers.
“For now, let’s save emotional distress and anger for ourselves and strive to establish a constructive dialogue,” the group announced in a message displayed on Knights’ compromised systems. “We acknowledge the significant damage we have inflicted by locking your internal resources.”
Ransomware incidents surged by 70% in 2023 compared to the previous year, amounting to 4,611, as reported by the SANS Institute, a cybersecurity research and training entity. Since March 2023, Akira has targeted over 350 organizations, extorting approximately $42 million, according to reports from the US Federal Bureau of Investigation and analysis by Bloomberg. The hacking group, which maintains a website, did not respond to inquiries.
High-profile victims of Akira include Nissan Motor Co., Stanford University, and Yamaha Motor Co. Nonetheless, cybersecurity experts highlight that around 80% of their targets are small and medium-sized enterprises, primarily in North America and Europe. “No business can afford to ignore this threat, irrespective of its size,” asserts Paul Abbott, 58, co-owner of Knights.
As highlighted by the digital insurance firm Embroker, many smaller enterprises set their cybersecurity damage policy limits at approximately $1 million, roughly what Knights had in place. This sum could assist in covering ransom expenses and help recover compromised systems, but it frequently proves inadequate. The median ransom payment surged to $6.5 million in 2023, a stark jump from $335,000 the previous year, according to insurance broker Marsh & McLennan Cos.
Will Thomas, a cybersecurity expert observing Akira’s attacks, states that the group chooses targets by scanning for servers with outdated software and then exploiting those systems to gain entry. “What they do isn’t exceptionally complex or sophisticated,” explains Thomas. “Yet they are strikingly effective and utterly merciless.”
In 1865, William Knight began deliveries using a horse and cart in a village named Old, located about 80 miles north of London, leading to the establishment of Knights of Old, which is now headquartered in Kettering. Abbott, a local resident, was acquainted with the Knight family and joined Knights of Old at age 20. He began as a traffic manager, facilitating truck operations and assisting drivers and clients. Over time, Abbott advanced through the ranks, and by 2007, he and two partners, who did not respond to queries, became directors and co-owners. They later merged Knights with two other delivery businesses — Nelson Distribution and Steve Porter Transport — under the KNP Group banner.
At the time of the hacking incident, KNP boasted nearly £100 million ($126 million) in annual revenue, employing 900 people, operating seven depots, and managing 400 trucks. Knights was the largest and most established of the three companies, identifiable by its striking blue trucks adorned with the motto “Service With Honour” in bold yellow lettering, alongside an emblem featuring an armoured knight. The company serviced major clients like Penguin Random House LLC and Hachette Book Group, aiding in the distribution of millions of books for Amazon.com Inc. and other retailers. Earlier in 2023, KNP had leased a 140,000-square-foot warehouse in Luton, near London, in pursuit of expansion.
Having previously encountered computer issues, Abbott and his team had already established a backup operational method. They reverted to using paper tickets and job sheets for deliveries while utilizing mobile phones and Gmail.
Abbott had believed the company to be secure; just a month before the breach, he arranged a £1 million cyberattack policy through Aviva Plc, which declined to comment. Management also provided cybersecurity training for staff and spent approximately £60,000 annually on a contractor for support. However, in the aftermath of the attack, Abbott indicated that the contractor, whose name he withheld, provided minimal assistance and “was clueless” regarding the next steps.
After the incident, Aviva coordinated a response team from security firm Solace Cyber to assist. The very next morning, they commenced a digital cleanup of all electronic devices — computers, laptops, and even photocopiers — connected to the company’s network. Paul Cashmore, managing director and co-founder of Solace, noted that the breach inflicted substantial damage. He recounted guiding Knights’ employees through a tumultuous emotional spectrum: “First came shock. Next was realization. Then it was managing the aftermath.” Solace currently deals with around two significant ransomware cases weekly, with no signs of a slowdown, Cashmore added.
According to Abbott, Knights reached out to Coveware Inc., a US-based company specializing in negotiating with ransomware attackers. The firm, which did not comment, indicated that, given KNP’s size and revenue, the Akira group would likely demand a Bitcoin payment ranging from $2.7 million to $5.3 million. Law enforcement usually advises against paying ransoms because doing so encourages continued attacks. Furthermore, transferring cryptocurrency to these groups could violate existing sanctions against some of the criminals involved.
Abbott and his colleagues decided against negotiating with Akira or fulfilling any ransom demands, believing there was no guarantee that the data could be fully recovered, even with the decryption key. The hackers subsequently carried out their threat by releasing over 10,000 internal documents online, which primarily consisted of employee payroll records, invoices, and various financial documents.
The company worked diligently to restore its systems. Within days, Knights’ technicians had set up a new transport management framework and recovered an older version of the warehouse software. However, the financial management databases were initially unrecoverable, as hackers had deleted another backup that had been intended for secure storage.
Faced with cash-flow issues, KNP sought a loan. Abbott mentioned that the bank would only extend it if the company could present the missing financial documents and performance reports. While awaiting an insurance payout, the co-owners attempted to sell the company. A European investor expressed strong interest but insisted that the three partners provide personal guarantees regarding the company’s finances due to the missing records, putting their homes and savings at stake. Unsurprisingly, they turned it down, as Abbott remarked, “My wife would have never permitted that, no matter how confident we felt about the business.”
On September 25, 2023, KNP Group filed for administration, akin to declaring bankruptcy in the UK. In Kettering, Abbott informed his employees of the unfortunate news, many of whom he had worked with for years. Another firm acquired one of KNP’s subsidiaries, Nelson Distribution, preserving around 170 jobs. However, the remaining 700 or so employees, primarily from Knights of Old, found themselves jobless. Jeff Maslin, a truck driver for Knights, shared that drivers are still owed weeks of unpaid wages. “I know people who lost their homes, their vehicles, and even faced divorces,” he states.
KNP later discovered that Akira had breached their systems using a method known as “brute forcing,” which employs software to make countless guesses to crack an employee’s password. Abbott suggested that more advanced security monitoring tools could have potentially detected the intrusion. “If you don’t have that, get it,” he advises other businesses.
Earlier this year, the administrators initiated procedures to sell Knights’ headquarters and other KNP assets. The truck fleet, mostly leased, has been returned. Ultimately, the insurer honored the £1 million policy payout, but it did not cover Knights’ losses during the administration period.
Now serving as a consultant for other logistics firms, Abbott has recently acquired a single truck and plans to start afresh. “I’ve had to rebuild my life,” he reflects. “I’ve lost everything.”
© 2024 Bloomberg