‘My company thrived for 150 years — then Russian hackers brought it down in three months’
Paul Abbott vividly recalls the moment he received a ransom note from hackers who brought down his business. “If you’re reading this, it means the internal infrastructure of your company is fully or partially dead,” the message said.
The former group director and co-owner of KNP, a logistics firm based in Kettering, initially dismissed the IT issues the firm experienced one summer day in 2023 as routine problems.
Unbeknownst to him, hackers had sabotaged their systems and were poised to demand millions in cryptocurrency for their return, with threats to publish sensitive data on the dark web. “I was in the operations office when they told me, ‘It’s not good news, there’s a ransom note.’ I just said, ‘Shit,’” he recounted.
The note further stated, “Let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue… We’re fully aware of the damage we caused by locking your internal sources… The sooner you reach out, the less damage we will inflict.”
The attackers were linked to the Akira ransomware group, believed to be based in Russia and one of the most notorious in the world. This group has targeted significant entities including Stanford University, Nissan, a major US railroad, and a state-owned South African bank, reportedly generating $42 million through 250 attacks from spring 2023 to 2024, as per the FBI.
The KNP attack was one of hundreds of ransomware incidents that occur in the UK every year, many orchestrated by Russian groups, with most going unreported because companies fear embarrassment or reputational damage.
Abbott, 58, is breaking the silence to alert others about the increasing risk. This month, GCHQ stated that the UK is underestimating the cyber threat and becoming complacent.
What makes it harder for Abbott to accept is that he had been proactive: he had taken out £1 million of cyber insurance just three weeks before the attack, and the company held an international information-security accreditation. Yet despite this preparation, KNP, one of the UK's largest private logistics firms with a history stretching back 158 years, collapsed within three months.
The assault led to the demise of the Knights of Old brand (motto: service with honour), one of the three businesses that comprised KNP. Founded in 1865 by William Knight, the company initially made deliveries using a horse and cart in the village of Old in Northamptonshire.
Abbott expressed feeling “cold and a bit lost” in the immediate aftermath of the attack. He returned to his insurer, Aviva, who coordinated a specialized team to restore IT systems and get the operations back on track. Another US firm managed negotiations with the hackers.
Experts estimated Akira was demanding between $2.7 million and $5.3 million in ransom. While Abbott found these sums “pretty prohibitive,” he also lacked confidence that even if the hackers returned the files, they would be intact. The decision was made not to pay, leading Akira to publish internal records.
Despite losing its systems, KNP still managed to keep track of 50,000 pallets, about 2,000 truckloads (for context, a single supermarket typically handles around 400 pallets). Remarkably, KNP seemed to be on a path to recovery, keeping 400 lorries moving goods for publishing houses such as Penguin Random House and for pharmaceutical and food-packaging companies. The company lost only one client throughout the turmoil.
Nevertheless, the strain was palpable within the organisation, which employed 900 staff across seven depots. The IT director immediately felt responsible and questioned whether he should stay in his role. Abbott, however, insisted that the director's expertise was needed for the rebuild. “We need him as part of this reconstruction,” he said, amid calls for accountability.
The hackers got in using a basic technique: they guessed an employee's weak password by brute force. KNP had not implemented multi-factor authentication, which would have required a second factor beyond the password before the login was accepted. Abbott and his colleagues chose not to tell the employee that his account had been the way in. “We didn’t feel it was fair to inform him given what happened,” Abbott stated.
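The initial access described above, repeated password guesses against one account followed by a successful login with no second factor, leaves a recognisable pattern in authentication logs. The following is an added example, not code from the article or from KNP's systems: it runs a simple sliding-window brute-force detector over constructed log lines in an assumed `key=value` format, flags a success that follows a burst of failures, and lists accounts with no MFA enrolled. The log format, the threshold and window, and the MFA-enrolment table are all assumptions for illustration.

```python
"""Brute-force login detection over constructed auth-log lines.

Added example (not from the article or from KNP's systems). The log format,
threshold, window and the MFA-enrolment table below are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "<timestamp> auth key=value ..." format.
# jsmith: five failures in a few seconds, then a success from the same source.
SAMPLE_LOG = """\
2023-06-10T02:14:01Z auth result=FAIL user=jsmith src=203.0.113.7
2023-06-10T02:14:03Z auth result=FAIL user=jsmith src=203.0.113.7
2023-06-10T02:14:04Z auth result=FAIL user=jsmith src=203.0.113.7
2023-06-10T02:14:06Z auth result=FAIL user=jsmith src=203.0.113.7
2023-06-10T02:14:07Z auth result=FAIL user=jsmith src=203.0.113.7
2023-06-10T02:14:09Z auth result=OK user=jsmith src=203.0.113.7
2023-06-10T08:30:00Z auth result=FAIL user=ahall src=198.51.100.4
2023-06-10T08:31:10Z auth result=OK user=ahall src=198.51.100.4
2023-06-10T09:00:00Z auth result=OK user=mfa_user src=198.51.100.9
"""

# Assumed MFA-enrolment state per account (constructed for the example).
MFA_ENROLLED = {"jsmith": False, "ahall": False, "mfa_user": True}

FAIL_THRESHOLD = 5               # failures inside WINDOW that count as a burst
WINDOW = timedelta(minutes=5)    # sliding window over failure timestamps


def parse_line(line):
    """Turn one log line into a dict with a datetime 'ts' plus the key=value fields."""
    ts, _, rest = line.split(" ", 2)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), **fields}


def detect_brute_force(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return (bursts, suspicious_logins).

    bursts: sorted list of (user, src) pairs that reached `threshold` failures
            within `window`.
    suspicious_logins: successful logins that immediately follow such a burst
            from the same (user, src), annotated with the account's MFA state.
    """
    recent = defaultdict(deque)   # (user, src) -> timestamps of recent failures
    bursts = set()
    suspicious = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        key = (ev["user"], ev["src"])
        q = recent[key]
        # Drop failures that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            if len(q) >= threshold:
                bursts.add(key)
        elif ev["result"] == "OK":
            if len(q) >= threshold:
                # A success right after a burst of failures is the signature
                # of a password that was guessed rather than typed.
                suspicious.append({
                    "user": ev["user"],
                    "src": ev["src"],
                    "ts": ev["ts"],
                    "mfa": MFA_ENROLLED.get(ev["user"], False),
                })
            q.clear()
    return sorted(bursts), suspicious


def accounts_without_mfa(enrolment=MFA_ENROLLED):
    """Accounts for which a guessed password alone is enough to log in."""
    return sorted(user for user, enrolled in enrolment.items() if not enrolled)


if __name__ == "__main__":
    bursts, hits = detect_brute_force(SAMPLE_LOG)
    print("brute-force bursts:", bursts)
    for hit in hits:
        print(f"success after burst: {hit['user']} from {hit['src']} "
              f"at {hit['ts']:%Y-%m-%d %H:%M:%S} (MFA enrolled: {hit['mfa']})")
    print("accounts without MFA:", accounts_without_mfa())
```

In this constructed data only `jsmith` is flagged: `ahall` had a single mistyped password before a normal login, which is why the detector keys on a burst rather than on any failure. The MFA check is the second half of the story on this page: a brute-forced password is only a break-in if nothing else is asked for at login.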
The loss of financial data proved fatal for KNP. Abbott revealed that following the construction of a new warehouse, cash flow was already tight, and they struggled to provide the bank with the necessary assurances for further credit.
The insurance payout amounted to £250,000, covering initial costs, but to access additional funds required evidence of incurred expenses, a challenging task with their financial system compromised. An attempt to sell the business failed, leading KNP to enter administration in September of the previous year, culminating in 730 job losses, including Abbott’s.
He lost his ownership stake and a lucrative salary while now attempting to rebuild his career step by step. “Upon being made redundant, I found myself asking, what now? What do I do next?” He emphasized that the directors lived modestly and did not extract dividends or loans for personal expenses.
Since the administration, Abbott hasn’t communicated with one of the other shareholders. “Everyone copes with challenges differently,” he remarked, reflecting on the heavy burden of informing staff about the business’s closure, a task that was not formally in his purview.
Paul Cashmore, managing director of Solace Global Cyber, was called in to assist Abbott. He described their service as akin to “Ghostbusters,” responding urgently to crises. With about 100 similar cases this year, he characterized them as “absolutely devastating.”
Cashmore noted, “It’s alarming. Just recently, we encountered an instance where a CEO’s credentials were exposed on the dark web, enabling unauthorized access that breached the organization. The perpetrators are not breaking in; they’re simply logging in.”
He expressed that the impact of KNP’s closure, resulting in hundreds of job losses, was a significant blow to the local community. He urged other organizations to take the cyber threat seriously, saying, “The key message is that they are unaware of the severity of these attacks.”
Groups like Akira are becoming increasingly aggressive, now targeting the backup systems that companies rely on to recover.
Tim Erridge from Palo Alto Networks described a case in which hackers sat inside a manufacturing company's network for two months, gathering intelligence before encrypting or wiping the entire network. He noted a shift in attacker strategy from quick disruption to total wipe-out of systems.
Abbott has since redirected his career toward advising others on measures to prevent becoming victims of cybercrime. “If cybersecurity isn’t a priority for your board, it needs to be. Engage specialists who truly understand this area—it’s not something you can simply purchase off the shelf,” he advised.