How One Bad Password Put A 158-Year-Old Company Out of Business

It’s hard to believe that an easily guessable password and not having MFA enabled for one account could sink a 158-year-old business. That’s exactly what recently happened to a British transport company called KNP.

The BBC is reporting that a gang of cyber attackers gained access to KNPs systems by simply guessing an employee’s password. With no MFA or other security policies enabled, the hackers easily encrypted the company’s data and locked its internal systems.

The bad guys sent KNP a chilling message:

"If you're reading this, it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue.”

KNP didn’t have the resources to meet the attacker’s ransom demand, so the decision was made to simply shutter the company.

Boom. Just like that, a company that had survived two world wars, a global depression, and more recently a worldwide pandemic decided to close its doors.

Here’s the story: https://www.bbc.com/news/articles/cx2gx28815wo

This incident serves as a stark reminder of the vulnerabilities that organizations face in the digital age. It is crucial for businesses of all sizes to invest in cyber awareness training programs and advanced cybersecurity solutions to minimize their online risks.

LiftOff has a ton of resources to help businesses stay safe.

Here’s a recent tutorial we did on Defender for Office 365 Plan 1: https://www.youtube.com/watch?v=DJL6Qu2KCAc

And here’s another on Attack Simulator, the cyber awareness training tool that comes bundled in Defender for Office 365 Plan 2: https://www.youtube.com/watch?v=_hfVTFBlHOU&t=20s

Reach out to us here at LiftOff for even more cyber security strategies to stay safe in Microsoft 365.