The High Cost of Weak Security: The KNP Logistics Cyber Breach
- Rhys Roberts

- Oct 22
Rhys Roberts | 21/10/2025

KNP Logistics was a UK-based logistics company that was hit by a ransomware attack in June 2023. Within 60 days of being breached, the company had filed for administration as it was unable to pay the ransom or restore operations. In total, 700 jobs were lost. The company believed it was secure and resilient, with backups in place. KNP had also taken out cyber insurance, yet this attack still sank a 158-year-old company.
How did this happen?
Hackers were able to gain initial access to KNP's systems by simply guessing a password. A lack of multi-factor authentication and an incorrect password policy made entry into KNP's systems very easy for the threat actor group known as AKIRA.
Once AKIRA had a foothold, they moved laterally throughout the network without being detected and managed to encrypt all of KNP's core systems. AKIRA then managed to encrypt all of KNP's backups, meaning restoring to an operational state was now impossible.
AKIRA demanded a ransom estimated to be around $5 million. KNP was unable to pay this ransom or restore its systems to an operational state, causing the company to grind to a halt. Within 60 days, KNP had gone into administration.
Breakdown
Missing MFA controls resulted in threat actors gaining a foothold
Lack of logging and observability allowed undetected lateral movement
Improper hardening allowed multiple system compromises
Access control for backups was not implemented correctly, causing recovery to fail
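As an added example (not part of the original article, and not KNP's or Stonewood Cyber's code), the following Python detector covers the first two breakdown points: it flags a run of failed logins followed by a password-only success, and lists accounts that sign in without MFA at all. The log format, account names and addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not taken from the incident.
# Assumed format: ISO timestamp, account, source IP, result (OK/FAIL), mfa=yes|no
SAMPLE_LOG = """\
2025-01-01T02:10:01 svc-backup 203.0.113.7 FAIL mfa=no
2025-01-01T02:10:09 svc-backup 203.0.113.7 FAIL mfa=no
2025-01-01T02:10:15 svc-backup 203.0.113.8 FAIL mfa=no
2025-01-01T02:10:22 svc-backup 203.0.113.7 OK mfa=no
2025-01-01T08:30:00 jsmith 198.51.100.4 FAIL mfa=no
2025-01-01T08:30:20 jsmith 198.51.100.4 OK mfa=yes
2025-01-01T09:00:00 adavies 198.51.100.9 OK mfa=no
"""

def parse(log_text):
    """Yield (time, account, source, result, used_mfa) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5:  # skip malformed lines instead of crashing the detector
            ts, account, source, result, mfa = parts
            yield datetime.fromisoformat(ts), account, source, result, mfa == "mfa=yes"

def find_guessed_logins(log_text, min_failures=3, window=timedelta(minutes=10)):
    """Alert on a successful login without MFA that follows a burst of failures."""
    failures = defaultdict(deque)  # keyed by account so guesses from several IPs still count
    alerts = []
    for ts, account, source, result, used_mfa in parse(log_text):
        recent = failures[account]
        while recent and ts - recent[0] > window:  # forget failures outside the window
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
        elif result == "OK":
            if len(recent) >= min_failures and not used_mfa:
                alerts.append({"account": account, "source": source, "failures": len(recent)})
            recent.clear()
    return alerts

def accounts_without_mfa(log_text):
    """List accounts that completed a login with a password alone (MFA coverage gap)."""
    return sorted({a for _, a, _, r, m in parse(log_text) if r == "OK" and not m})

if __name__ == "__main__":
    for alert in find_guessed_logins(SAMPLE_LOG):
        print("possible guessed password:", alert)
    print("logins without MFA:", accounts_without_mfa(SAMPLE_LOG))
```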
Learnings from KNP
Even though it may seem like the lack of multi-factor authentication was to blame, that was only part of KNP's downfall. A lack of proper implementation of logging, hardening, authentication and access controls to backups and critical systems all played a vital role in its demise.
KNP believed it was protected as it had followed standards, but that was inadequate. Had MFA, logging and detection, application hardening and access controls been correctly implemented, AKIRA would have been stopped along the cyber kill chain, preventing the company's collapse.
Because these controls were incorrectly configured, the last two lines of defence, backups and insurance, failed. This is why it is critical to ensure your cyber security strategy is implemented correctly to prevent the worst-case scenario from occurring.
How we can help
At Stonewood Cyber, we specialise in ensuring that your systems and processes are ironclad and implemented in a way that will protect your business. We work with you to ensure that your business is resilient and prepared in case of an adverse event. We can provide full cyber assessments or focus on a specific area of defence to fit your business's needs.
Don't wait, reach out now to find out how Stonewood Cyber can help protect your business today.



