UK logistics firm blames ransomware attack for insolvency, 730 redundancies

KNP Logistics, described by its administrators as one of the United Kingdom’s largest privately owned logistics groups, declared itself insolvent on Monday, blaming a ransomware attack back in June.

Approximately 730 employees will be made redundant as a result of the administration process, although one of the group’s key entities has been sold, saving about 170 jobs.

The incident is a rare public example of the existential threat that experts warn ransomware can pose to businesses. But KNP Logistics Group was already struggling before the ransomware attack, according to Raj Mittal, the joint administrator who is handling the insolvency process on behalf of business advisory firm FRP Advisory.

“Against a backdrop of challenging market conditions and without being able to secure urgent investment due to the attack, the business was unable to continue. We will support all affected staff through this difficult time,” said Mittal.

According to the administrators, the “major ransomware attack … affected key systems, processes and financial information. This adversely impacted on the financial position of the Group and ultimately, its ability to secure additional investment and funding.”

KNP Logistics Group, which traded under a number of names including Knights of Old, was added to the Akira ransomware gang’s list of victims in June.

In July, the cybersecurity firm Avast publicly released a decryptor for the Akira ransomware, offering a hope for the dozens of victims attacked since the gang emerged in the spring. Previously the decryptor had been privately circulating among incident responders.

It is not known whether KLP Logistics would have been able to use the decryptor had the business group accessed it. A spokesperson for the company’s administrators did not respond to Recorded Future News asking if KLP had contacted law enforcement or an external incident response company following the ransomware attack.

Earlier this year, the National Cyber Security Centre and the Information Commissioner’s Office (ICO) published a joint blog post saying they were “increasingly concerned” that ransomware victims were keeping incidents hidden from both law enforcement and from regulators.

Reported ransomware attacks on organizations in the United Kingdom reached record levels last year, when criminals compromised data on potentially more than 5.3 million people from over 700 organizations, according to a surprisingly neglected dataset published by the ICO.

The data reveals there had been hundreds of cyber incidents affecting the transport and leisure sector in the U.K. since April 2019.

Data on 2023 is not yet available, but the U.K.’s security minister Tom Tugendhat said this month that the UK was “a top target for cybercriminals. Their attempts to shut down hospitals, schools and businesses have played havoc with people’s lives and cost the taxpayer millions. Sadly, we’ve seen an increase in attacks.”

An NCSC spokesperson said: “Ransomware is one of the most significant cyber threats facing the UK and attacks can have far reaching impact. The NCSC has published free and actionable advice for organisations of all sizes on how to put robust defences in place to protect their networks.”