A 158-year-old UK transport company, KNP, collapsed after falling victim to a ransomware attack that likely began with a single weak employee password. The hackers, believed to be part of the Akira group, accessed the company’s systems, encrypted its data, and demanded a ransom estimated at £5 million. Unable to pay, KNP lost all its data and was forced to shut down, leaving 700 people unemployed.

The case highlights the growing threat of ransomware, which the UK’s National Cyber Security Centre (NCSC) and National Crime Agency (NCA) describe as a national security risk. Despite having industry-standard IT systems and cyber insurance, KNP couldn’t withstand the impact of the attack. Experts say that hackers are increasingly using social engineering tactics, like tricking help desks, making it easier for less technically skilled criminals to carry out attacks.

Incidents like this are becoming more common, with the NCA reporting 35 to 40 ransomware attacks per week, nearly double from two years ago. High-profile companies such as M&S, Co-op, and Harrods have also been affected, and there are concerns that many businesses, facing devastating consequences, choose to quietly pay ransoms rather than report the crime.

Authorities are pushing for stronger cybersecurity practices, including proposals to ban ransom payments by public bodies and require companies to report attacks. KNP’s director, Paul Abbott, now warns others about the importance of cyber resilience and advocates for mandatory cybersecurity checks, likening them to a “cyber-MOT.” Despite these efforts, officials admit that progress in catching perpetrators remains slow, while ransomware continues to spread rapidly and profitably.