A weak password. A century-old company. 700 families unemployed. This true story shows why cybersecurity has gone from being "an IT thing" to a matter of business survival.
Knights of Old (KNP), a traditional British transport company founded in 1865, survived two world wars, the Great Depression, and over a century of economic transformations. It operated 500 trucks, employed 700 people, and was a benchmark in the UK logistics sector.
In 2023, all of that ended—not because of a market crisis, not because of poor financial management, not because of a stronger competitor. The company went bankrupt because an employee was using a weak password.
The Attack: Devastating Simplicity
The Akira criminal group didn't need sophisticated tools, zero-day exploits, or elaborate social engineering. They simply... They guessed the password. from an employee whose access was not protected by multi-factor authentication (MFA).
Once inside the network, the hackers acted with surgical precision: they encrypted all of the company's operational data — routes, contracts, customer information — and, even more cruelly, They destroyed all backups and disaster recovery systems..
The message left by the group was direct: "If you are reading this, it means that your company's internal infrastructure is totally or partially dead."
The ransom demanded: £5 million (approximately R$ 35 million). An amount that KNP simply did not have.
The Collapse
Without access to the systems, the trucks stopped. Without route and contract data, operations ceased. Within weeks, the company declared bankruptcy. Director Paul Abbott, in an interview with the BBC, revealed that he never told the employee in charge that his password had been the gateway to the attack. "How do you tell someone that an individual choice contributed to the bankruptcy of a 158-year-old company?"
KNP had industry-standard compliance. It had cyberattack insurance. None of that was enough.
The Alert for Brazil
If you think this is a distant problem, the Brazilian numbers are even more worrying:
- 29% of Brazilian companies suffered at least one ransomware attack in 2025
- 73% do not have cyber risk insurance
- The most common password in Brazil continues to be "123456" — breakable in less than 1 second
- According to Kaspersky, 45% of passwords They can be guessed by hackers in less than a minute.
- The average ransom amount in attacks in the United Kingdom is around... £4 million (R$ 25,6 million)
Data from the British government shows that companies faced around 19.000 ransomware attacks in 2024 alone. A third of the victims choose to pay — which only fuels the criminal cycle.
The Lessons That Cost 700 Jobs
The KNP case isn't about complex technology. It's about the neglected basics:
1. Strong Passwords Are Not Optional A strong password needs to be at least 12 characters long, combining uppercase letters, lowercase letters, numbers, and symbols. Password management tools should be a corporate standard, not the exception.
2. MFA is Non-Negotiable If KNP had multi-factor authentication enabled on that account, the attack likely wouldn't have happened. It's a simple layer of protection that can mean the difference between continuing operations and shutting down.
3. Backup is not just about having — it's about protecting. The hackers didn't just encrypt the data; they destroyed the backups. Backup strategies need to include offline, geographically distributed, and regularly tested copies. If ransomware can reach your backup, it's not a backup—it's just another target.
4. Compliance Does Not Guarantee Security KNP followed industry standards. It had insurance. And yet it went bankrupt. Regulatory compliance is the bare minimum, not complete protection. Cybersecurity needs to be treated as ongoing risk management, not as a checkbox in an audit.
5. The Human Factor is the Weakest Link Ongoing employee training is not a cost — it's an investment in survival. Every person with access to a system is a potential entry point for attackers.
Cybersecurity is a matter of survival.
Paul Abbott now dedicates his time to warning other companies. He advocates for the creation of mandatory digital security standards — a kind of "cyber audit" that proves companies are truly secure.
According to James Babbage, director general of threats at the UK's National Crime Agency, ransomware is now the most significant cyber threat in the world. And every company that pays the ransom fuels this criminal ecosystem.
The reality is inescapable: In the 21st century, cybersecurity is not an IT cost — it's an investment in the very existence of the business.
How Can Flexa Help?
At Flexa, we understand that cloud security goes far beyond configuring firewalls. With over 15 years of experience as an AWS Advanced Partner, we help companies build resilient architectures that protect against modern threats.
- Safety Posture AssessmentWe identify vulnerabilities before attackers find them.
- Implementing Zero TrustEvery access is verified, every movement is monitored.
- Immutable Backup StrategiesBackups that even ransomware can't destroy.
- Incident Response AutomationReal-time detection and containment
- Training and AwarenessWe transform your team into the first line of defense, not the weakest link.
The history of Knights of Old doesn't need to repeat itself. But prevention starts now.
Want to know how your company's security posture is? Contact our experts for an assessment.
Flexa Cloud Transforming businesses with AI, Data, and Cloud.
Sources: BBC, UK National Cyber Security Centre (NCSC), Kaspersky, ESET, NordPass
