158年公司“一夜毁灭”，只因一员工弱密码被黑客“猜中”：数据全锁、被勒索近5000万，700+人瞬间失业

Core Insights - The article highlights the vulnerability of even long-established companies to cyberattacks, exemplified by the case of KNP, a 158-year-old transportation company that went bankrupt due to a ransomware attack triggered by a guessed password [1][4][8] - The incident underscores the increasing prevalence of ransomware attacks, particularly in the UK, where the number of such incidents has surged significantly [8][9] Company Overview - KNP, or Knights of Old, is a historic transportation company based in Northamptonshire, UK, with over 500 trucks and a significant presence in the local logistics industry [4] - The company suffered a catastrophic cyberattack in June 2023, executed by the Akira hacking group, which has been active since March 2023 and has targeted over 250 organizations globally, demanding over $42 million in ransom [4][6] Attack Details - The attack on KNP was facilitated by a weak password used by an employee, which was exploited through brute force methods [4][5] - Following the breach, Akira deployed ransomware that encrypted all of KNP's critical business data, rendering the company unable to operate [5][6] Ransom Demand - Akira left a cold and mocking ransom note after encrypting KNP's data, with an estimated ransom demand of up to £5 million (approximately 48.49 million yuan) [6][8] - KNP was unable to pay the ransom, leading to the loss of all data and the eventual bankruptcy of the company, resulting in over 700 employees losing their jobs [8][9] Industry Context - The KNP incident is part of a broader trend, with numerous UK companies experiencing similar attacks, including M&S, Co-op, and Harrods, highlighting a significant rise in ransomware incidents [8][9] - The National Crime Agency (NCA) reported that the frequency of cyberattacks in the UK has increased from 20 to 35-40 incidents per week since 2022 [8] Security Insights - The article discusses the challenges companies face in prioritizing IT security, often viewed as a cost center rather than a profit center, leading to inadequate investment in cybersecurity measures [10][11] - Following the KNP incident, there is a call for mandatory cybersecurity assessments akin to vehicle inspections, emphasizing the need for basic resilience against cyber threats [11][12]