Ransomware Gangs’ Relentless Attacks Deplete Resources of Small Businesses

The flashing monochrome alert on screens triggered a wave of panic among Knights of Old, a 158-year-old delivery company in the UK: “If you’re reading this, it means that the essential infrastructure of your enterprise is either entirely or partially inoperative.”

The trucking management network of Knights was rendered inoperable, as was their payment booking system. Operating from a distance of 2,000 miles, a hacking group tied to Russia, known as Akira, had disrupted the computers at Knights of Old and two affiliated trucking companies. To initiate negotiations, the attackers unleashed malicious software in June 2023, which encrypted Knights’ files and threatened to expose sensitive internal data online. According to Akira, paying a ransom would grant the company a decryption key to unlock the compromised computers and servers.

“For the moment, let us save our tears and bitterness for ourselves and strive for a constructive conversation,” the group communicated in a message on Knights’ compromised systems. “We are aware of the damage we have inflicted by locking your internal resources.”

Ransomware incidents soared by 70% in 2023 compared to the prior year, totaling 4,611 cases, according to the SANS Institute, a cybersecurity research and education organization. Since March 2023, Akira has targeted more than 350 organizations, extorting approximately $42 million, based on reports from the US Federal Bureau of Investigation and analysis by Bloomberg. The hacking group operates a website but did not respond to inquiries.

Among Akira’s notable victims are Nissan Motor Co., Stanford University, and Yamaha Motor Co. However, cybersecurity experts emphasize that around 80% of Akira’s targets are small to medium-sized enterprises, mainly in North America and Europe. “No business can ignore this threat, regardless of size,” asserts Paul Abbott, 58, co-owner of Knights.

According to digital insurance provider Embroker, most smaller businesses establish cybersecurity damage policy limits around $1 million, an amount that Knights had in place. This sum could help cover ransom payments and assist in restoring compromised systems, but often proves inadequate. The median ransom payment skyrocketed to $6.5 million in 2023, up from $335,000 the previous year, according to insurance broker Marsh & McLennan Cos.

Will Thomas, a cybersecurity expert tracking Akira’s attacks, mentions that the group selects its targets by identifying servers with outdated software and then infiltrating them opportunistically. “What they do isn’t necessarily complex or advanced,” Thomas explains. “Yet they are highly effective and completely ruthless.”

In 1865, William Knight began making deliveries with a horse and cart in a village named Old, located approximately 80 miles north of London, which eventually led to the establishment of Knights of Old, now based in Kettering. Abbott, who grew up in the area, was familiar with the Knight family and joined Knights of Old at the age of 20. He started as a traffic manager, coordinating trucks and assisting drivers and clients. Over time, Abbott advanced through the ranks, and by 2007, he and two partners, who did not respond to requests for comment, became directors and co-owners. They later merged Knights with two additional delivery companies — Nelson Distribution and Steve Porter Transport — under the KNP Group umbrella.

At the time of the cyberattack, KNP reported nearly £100 million ($126 million) in annual revenue, employing 900 individuals, operating seven depots, and managing 400 trucks. Knights was the largest and most established of the three firms, recognized by its vibrant blue trucks emblazoned with the motto “Service With Honour” in large yellow letters, alongside a symbol of an armored knight. The company serviced major clients such as Penguin Random House LLC and Hachette Book Group, facilitating the distribution of millions of books for Amazon.com Inc. and other retailers. Earlier in 2023, KNP had leased a 140,000-square-foot warehouse in Luton, near London, as part of its growth strategy.

Having encountered computer issues in the past, Abbott and his team had already developed a backup operational method. They could revert to using paper tickets and job sheets for deliveries while also utilizing mobile phones and Gmail.

Abbott had believed the company was secure; just a month prior to the breach, he had arranged a £1 million cyberattack policy through Aviva Plc, which chose not to comment. Management had also provided cybersecurity training for employees and paid about £60,000 annually to a contractor for support. However, following the attack, Abbott stated that the contractor, whose name he withheld, provided little support and “was clueless” about the next steps.

After the attack, Aviva organized a response team from security firm Solace Cyber to assist. The very next day, they started a digital cleanup of all electronic devices — computers, laptops, and even photocopiers — connected to the company’s network. Paul Cashmore, managing director and co-founder of Solace, noted the breach resulted in significant damage. He described guiding Knights’ employees through a tumultuous range of emotions: “First came shock. Then realization. Finally, it was about managing the aftermath.” Solace currently handles about two major ransomware incidents weekly, with no signs of a decrease, Cashmore added.

Knights contacted Coveware Inc., a US-based company that specializes in negotiating with ransomware attackers, according to Abbott. The firm, which did not comment, indicated that considering KNP’s size and revenue, the Akira group would likely request a Bitcoin payment between $2.7 million and $5.3 million. Law enforcement typically advises against paying ransom, as it encourages further attacks. Furthermore, transferring cryptocurrency to these groups might violate existing sanctions against certain involved criminals.

Abbott and his colleagues chose not to negotiate with Akira or pay any ransom, believing there was no guarantee that the data could be fully restored, even with the decryption key. The hackers subsequently followed through on their threat by releasing over 10,000 internal documents online, which mainly consisted of employee payroll records, invoices, and various financial documents.

The company attempted to recover its systems. Within a few days, Knights’ technicians had implemented a new transport management framework and salvaged an earlier version of the warehouse software. However, the financial management databases were initially unrecoverable because hackers had destroyed another backup that was meant to be securely stored.

Faced with cash-flow difficulties, KNP sought a loan. Abbott mentioned that the bank would only extend it if the company could provide the missing financial documents and performance reports. While awaiting an insurance payout, the co-owners explored selling the company. A European investor expressed significant interest but insisted that the three partners provide personal guarantees regarding the company’s finances due to the missing records, putting their homes and savings at risk. Unsurprisingly, they declined, as Abbott remarked, “My wife would have never allowed that, no matter how confident we felt about the business.”

On September 25, 2023, KNP Group filed for administration, which is akin to declaring bankruptcy in the UK. In Kettering, Abbott shared the unfortunate news with his employees, many of whom he had worked alongside for years. Another firm acquired one of KNP’s subsidiaries, Nelson Distribution, preserving around 170 jobs. However, the remaining 700 or so employees, primarily from Knights of Old, lost their positions. Jeff Maslin, a truck driver for Knights, reported that many drivers are still owed weeks of unpaid wages. “I know people who lost their homes, their vehicles, and even went through divorces,” he states.

KNP later discovered that Akira had penetrated the systems using a method called “brute forcing,” in which software makes countless guesses to crack an employee’s password. Abbott suggested that more advanced security monitoring tools might have detected the intrusion. “If you don’t have that, get it,” he advises other companies.

Earlier this year, the administrators began procedures to sell Knights’ headquarters and other KNP assets. The truck fleet, mostly leased, has been returned. Ultimately, the insurer fulfilled the £1 million policy payout, yet it did not cover Knights’ losses during administration.

Now working as a consultant for other logistics firms, Abbott has recently acquired a single truck and plans to start fresh. “I’ve had to rebuild my life,” he reflects. “I’ve lost everything.”

© 2024 Bloomberg
