The cost of one weak password and the lessons for UK businesses
A recent ransomware attack, reportedly caused by a single compromised password, has resulted in the collapse of a 158-year-old logistics company.
Northamptonshire-based KNP, which operated under the Knights of Old brand, was forced to close following an attack by the Akira ransomware group. Once inside the system, attackers encrypted all operational data and demanded a ransom estimated at £5 million. Without access to their data, KNP was unable to continue trading. 700 employees lost their jobs.
While high-profile attacks on M&S, Co-op and Harrods have made headlines, this case is a reminder that no organisation – regardless of size or sector – is immune to ransomware.
What went wrong?
The attackers reportedly gained access through a guessed employee password – a tactic that continues to be one of the most common causes of ransomware incidents.
KNP had cyber insurance and industry-standard IT in place. But this wasn’t enough to prevent or recover from the attack. Once inside, the attackers locked the company out of its own systems and left operations at a standstill.
The National Cyber Security Centre (NCSC) now deals with a major ransomware incident every day. Their message is clear: attackers are opportunistic – they look for a single weak point, and act fast.
Whether you're in logistics or, like most of our clients, in education or legal services, ransomware is now one of the most serious operational risks to consider. A compromised password, an unpatched system or a misconfigured endpoint can lead to severe disruption.
Measures we recommend having in place now:
Review password policies: Enforce strong, unique passwords and multi-factor authentication (MFA) across your organisation.
Run a cyber audit: Ensure your systems, vendors and endpoints meet current security standards.
Back up securely: Store encrypted backups offline or in a separate cloud environment and test recovery regularly.
Educate your team: Human error remains the biggest risk. Staff should receive regular training to spot phishing, scams and social engineering.
Have a response plan: Know how you’ll respond if a breach happens – from containment and investigation to comms and legal steps.
At Netprotocol, we work with UK organisations to reduce cyber risk and improve readiness. Whether it’s running a cyber risk assessment, improving backup and recovery or supporting user awareness – we can help you build practical defences against evolving threats.