One password, 700 jobs: the ransomware lesson every North Wales business needs

A 158-year-old UK freight firm collapsed in 2023 because one employee account had no second-step login check. Here’s what that means for your business.

By The Dragon Digital team

A guessed password destroyed a business that survived 158 years of wars, recessions, and strikes. In June 2023, the Akira ransomware group broke into KNP Logistics, a Northamptonshire haulier with £100 million in annual revenue and 700 staff, by brute-forcing a single employee account. The attackers encrypted the company’s data, destroyed the backups, and demanded £5 million in ransom. By September, KNP had entered administration. Seven hundred jobs gone, and a century of trading history with them. The killer detail: multi-factor authentication (MFA), the second-step login check that makes a guessed password worthless, was not switched on.

This was not a sophisticated attack. It was not state-sponsored hacking. It was a missing control that costs less than a business lunch per month. KNP had antivirus, firewalls, backups, monitoring tools, even cyber insurance. All of it was defeated by one guessed password and the absence of MFA on the remote-access system.

What actually happened

Once inside, the attackers moved through the network, then destroyed the local backups so recovery would be impossible. The cyber insurance KNP held did not cover the full loss. Ransom negotiations failed. Three months of operational paralysis followed, with no access to email, accounting software, customer data, or lorry-tracking systems. Unable to process orders or get lorries on the road, the business died, not from a technical flaw, but from a governance decision made years earlier to skip one control.

The NCSC, the UK’s National Cyber Security Centre, counts MFA among the highest-value defences for internet-facing systems. With MFA enforced, a guessed password is a failed login attempt. Without it, one weak password becomes the entire last line of defence.

KNP is not an isolated case. M&S disclosed a ransomware incident in spring 2025 with a maximum £100 million insurance claim. Co-op was hit in April 2025 and confirmed it lacked cyber cover. Harrods reported a similar incident. The pattern across all three: stolen or guessed credentials, and absent or weak MFA.

What would have changed the outcome

The controls most likely to have stopped the June 2023 attack cost almost nothing in licensing:

  • MFA on remote access and VPN via Microsoft 365 Conditional Access policies. Zero additional licensing cost on most business plans. One afternoon of configuration work.
  • Endpoint detection and response software that watches machines for ransomware behaviour rather than waiting for antivirus signatures to match. Around £5 per computer per month.
  • Immutable offsite backup, meaning backup copies stored separately that an attacker cannot reach or delete, tested regularly so you know they actually work.

For a company of KNP’s scale, the annual cost of all three would have been a small fraction of the £5 million ransom demand, let alone the losses from three months of shutdown.

How to check your own setup

If you run a business in North Wales, whether you’re a 15-person accountancy firm in Ruthin or a 100-person manufacturer in Flint, these are the questions worth asking:

  1. Is MFA enforced on email, remote access, and VPN? Not just available, enforced, so no user can bypass it.
  2. Are you running proper endpoint detection software, or just traditional antivirus?
  3. Are your backups stored offsite, tested regularly, and genuinely immutable?
  4. What does your cyber insurance policy actually cover? Many policies now require MFA and endpoint detection to be in place before they’ll pay out. Our article on why cyber insurance claims are being quietly denied covers exactly this.

KNP did a lot of things right. The gap between their setup and “survived intact” was one missing control and a recovery plan that worked on paper but failed under pressure.
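Question 1 above turns on the difference between MFA being available and MFA being enforced. The following is an added example, not Dragon Digital's own tooling: a Python check over Conditional Access policies in the shape Microsoft Graph returns for its `conditionalAccessPolicy` resource, listing every gap that lets a sign-in through without MFA. The policy names, ids and the `make_policy` helper are constructed for illustration.

```python
# Field names follow Microsoft Graph's conditionalAccessPolicy resource.
# All policy data below is constructed for illustration.

def make_policy(name, state, include, exclude, apps, controls):
    """Build a constructed policy in the shape Graph returns (hypothetical helper)."""
    users = {"includeUsers": include, "excludeUsers": exclude, "excludeGroups": []}
    return {"displayName": name, "state": state,
            "conditions": {"users": users, "applications": {"includeApplications": apps}},
            "grantControls": {"operator": "OR", "builtInControls": controls}}

SAMPLE_POLICIES = [
    make_policy("MFA pilot", "enabledForReportingButNotEnforced", ["All"], [], ["All"], ["mfa"]),
    make_policy("MFA or managed device", "enabled", ["All"], ["constructed-user-id"],
                ["constructed-vpn-app-id"], ["mfa", "compliantDevice"]),
    make_policy("Block legacy auth", "enabled", ["All"], [], ["All"], ["block"]),
    make_policy("Require MFA everywhere", "enabled", ["All"], [], ["All"], ["mfa"]),
]

def audit_policy(policy):
    """Return the gaps that stop this policy enforcing MFA for every sign-in."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    if "mfa" not in controls and not grant.get("authenticationStrength"):
        return ["does not require MFA"]
    gaps = []
    if policy.get("state") != "enabled":  # report-only or disabled: nothing is blocked
        gaps.append(f"not enforced (state={policy.get('state')})")
    alternatives = [c for c in controls if c != "mfa"]
    if grant.get("operator") == "OR" and alternatives:  # any one control satisfies OR
        gaps.append("MFA optional, alternative accepted: " + ", ".join(alternatives))
    if "All" not in (users.get("includeUsers") or []):
        gaps.append("does not target all users")
    excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if excluded:
        gaps.append(f"{len(excluded)} excluded user(s)/group(s)")
    if "All" not in apps:
        gaps.append(f"scoped to {len(apps)} application(s), not all")
    return gaps

def audit(policies):
    """Map each policy name to its gaps; an empty list means MFA is enforced."""
    return {p["displayName"]: audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_POLICIES).items():
        print(f"{name}: {'ENFORCED' if not gaps else '; '.join(gaps)}")
```

An exclusion can be deliberate, for example an emergency-access account, so treat that finding as something to review rather than an automatic failure.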

Getting those three controls in place is not a large project. Dragon Digital audits and implements this exact setup for businesses across North Wales, checking whether your MFA, endpoint protection, and backup actually hold up, and whether your insurance policy would pay out if you needed it. Worth knowing before something forces the question.
