Criminal gangs hacking into small and medium-sized companies’ computer systems can drive them out of business. They often encrypt essential data and documents to make them inaccessible. They promise that if they receive a ransom, the victim will get a “key” to unlock the encryption, but there’s no guarantee that will happen.
Bloomberg recently told the story of a medium-sized British trucking company that was the victim of a criminal organization known as Akira. There is no happy ending for Knights of Old, which tried to do the right things to prevent the attack, and no one came to their rescue. The sad fact is your company might suffer the same outcome as a business shareholder lawyer has seen all too often.
Hacking Major Corporations Hits The News, But Smaller Companies Are Most Of The Victims
The SANS Institute, which focuses on cybersecurity, reports that the number of known ransomware attacks increased 70% from 2022 to 2023, to 4,611. Since March 2023, just one criminal organization, Akira, has attacked more than 350 organizations and received about $42 million from victims.
Akira has hit high-profile targets, including Stanford University, Nissan Motor Co., and Yamaha Motor Co. However, about 80% of its targets are small- and medium-sized European and North American companies. Akira is believed to be based in Russia.
Cybersecurity insurance is available, and most smaller companies set their policy limits at $1 million. That sounds like a lot of money, and it could rebuild your computer system. But it may not be nearly enough to cover all the losses you suffer or pay a ransom to get back to normal as our friends at Focus Law LA would warn. The average ransom payment in 2023 was $6.5 million. In 2022, it was $335,000.
Akira targets victims by scanning the internet for servers with outdated software, then breaches their security. One computer security expert stated their tactics aren’t sophisticated or complicated, but they’re ruthless and very successful at what they do.
158-Year-Old Trucking Company Faces 21st Century Threat
William Knight started making deliveries in 1865, using a horse and cart in the village of Old, about 80 miles north of London. His company, Knights of Old, survived economic upheavals, technological change, and two world wars. By the time of the hack in 2023, the KNP Group, which owned the business, had nearly $126 million in annual revenue and 900 employees using 400 trucks and seven depots.
Co-owner Paul Abbott thought his company was safe from hacking and bought a £1 million cyberattack policy through a British insurer. Managers and staff were trained in cybersecurity awareness. The company paid a cybersecurity contractor about $75,000 a year for support. After the attack, Abbott said they didn’t provide much help and “didn’t have a clue” about what to do.
Criminals Seek Constructive Dialog
Abbot says Akira gained access to KNP’s systems by using the “brute forcing” technique. It uses software to make thousands or millions of guesses to find an employer’s password. He says more sophisticated security software might’ve helped detect the intrusion. Abbott advises other businesses to get it if they do not.
“For now, let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue,” Akira advised the company in an electronic note on Knights’ infected machines. “We’re fully aware of what damage we caused by locking your internal sources.”
Akira encrypted company data and offered KNP a way to unencrypt it. If they didn’t pay a ransom, all that data (much of it employees’ financial and private information) would be made public. KNP decided not to pay it because there was a chance Akira wouldn’t live up to its word. Paying criminals also encourages more hacking, and payment may violate financial sanctions against those involved. About 10,000 pages of KNP information were released on the internet.
KNP’s insurer arranged for a contractor to digitally clean all electronic devices connected to the company’s network, which suffered devastating damage. The contractor told Bloomberg they work on about two major ransomware incidents weekly.
Loss Of Financial Data Dooms Company
KNP partially rebuilt its computer system. However, their financial management databases couldn’t be recovered because hackers destroyed a backup that was supposed to be securely stored elsewhere.
In response to cash-flow problems, KNP sought a loan, but their bank wouldn’t provide it without the missing financial information. Those co-owning KNP tried to sell it, but due to the missing records, a buyer insisted the three partners personally guarantee the company’s finances. They refused to put their homes and savings at risk, so the purchase fell through.
In September 2023, KNP entered the British equivalent of bankruptcy. One subsidiary was sold, and about 530 employees lost their jobs. Many of them were not paid their wages.
Abbott, 58, worked at the company for 38 years. He’s working as a logistics consultant and bought a commercial truck. He’s planning on starting his trucking company over. “I’ve had to rebuild my life,” he told Bloomberg. “I’ve lost everything.”
Your company needs adequate computer security and insurance to cover losses if there’s a breach. If your business has been hacked due to mistakes caused by others, discuss with your attorney a potential financial recovery due to their negligence or breaching a contract.
