Weak password allowed hackers to sink company – ransomware danger to UK business

    • Author, Richard Bilton
    • Role, BBC Panorama

A weak password allowed hackers to sink a 158-year-old company.

A single password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work.

KNP, a Northamptonshire transport company, is one of tens of thousands of UK businesses that have experienced such attacks.

Big names such as M&S, Co-op and Harrods have all faced attacks in recent months.

The chief executive of Co-op confirmed last week that the data of all 6.5 million of its members had been stolen.

In KNP's case, it appears the hackers managed to get into its computer system by guessing the password of one of its workers.

After that, they encrypted the company's data and locked its internal systems.

KNP director Paul Abbott says he has not told the employee that their compromised password most likely led to the destruction of the company.

“If it were you, would you want to know?” he asks.

“We need organisations to take steps to secure their systems, to secure their businesses,” says Richard Horne, CEO of the National Cyber Security Centre (NCSC), where Panorama was given exclusive access to the team battling international ransomware gangs.

One small mistake

In 2023, KNP was running 500 lorries, most of them under the brand name Knights of Old.

The company said its IT complied with industry standards and that it had taken out insurance against cyber-attack.

But a gang of hackers, known as Akira, got into the system, leaving staff unable to access any of the data they needed to run the business.

The only way to get the data back, according to the hackers, was to pay.

Image caption: Ransomware hackers attacked Paul Abbott's company, KNP

“If you are reading this, it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and anger to ourselves and try to build a constructive dialogue,” the ransom message said.

The hackers did not name a price, but a specialist ransomware negotiation company estimates the sum could be as much as £5m.

KNP did not have that kind of money. In the end it lost all the data, and the company closed.

Image caption: When KNP closed down, 700 people lost their jobs

The National Cyber Security Centre (NCSC) says its goal is “to make the UK the safest place to live and work online”. It says it deals with a major attack every day.

The NCSC is part of GCHQ, one of the UK's three main security services alongside MI5 and MI6.

The hackers are not doing anything new, says “Sam” (not his real name), who runs an NCSC team that deals with day-to-day attacks.

They are just looking for a weak link, he tells Panorama.

“They're just constantly finding organisations on a bad day and then taking advantage of them.”

Using intelligence sources, NCSC operatives try to spot attacks and eject hackers from computer systems before they can deploy ransom software.

“Jake” (not his real name) was on night duty during a recent incident when hackers were stopped.

“You understand the scale of what is happening and you want to reduce the harm,” he says. “You feel happy in a way, especially if we succeed.”

But the NCSC can only provide one layer of protection, and ransomware is a growing and lucrative crime.

“Part of the problem is that there are a lot of attackers,” Sam says. “There aren't many of us.”

Statistics are hard to come by because companies do not report attacks or whether they pay ransoms.

However, the estimate is that there were up to 19,000 ransomware attacks on UK businesses last year, according to a government cyber-security survey.

Industry research suggests the typical UK ransom demand is about £4m and that about one third of companies simply pay.

Image caption: Richard Horne, CEO, National Cyber Security Centre

“We've seen a wave of criminal cyber-attacks over the last few years,” says Richard Horne, the NCSC's CEO. He denies that criminals are winning, but says companies need to improve their cyber-security.

If prevention does not work, another team of officers at the National Crime Agency (NCA) has the job of catching offenders.

Hacking is on the rise because it is a lucrative crime, says Suzanne Grimmer, who heads a team at the NCA.

Her unit carried out the initial assessment into the M&S hack.

Image caption: Suzanne Grimmer, National Crime Agency, says hacking attacks have almost doubled

Incidents have almost doubled to about 35-40 a week since she took over the unit two years ago, Grimmer says.

“If it continues, I predict it will be the worst year on record for ransomware attacks in the UK.”

Hacking is becoming easier, and some of the tactics do not even involve a computer, such as ringing an IT helpdesk to gain access.

This has lowered the barrier for potential attacks, Grimmer says: “These criminals are far more able to access tools and services that you don't need a specific technical skill set for.”

The M&S hackers broke into the company's system by means of blagging, or tricking their way in.

This caused disruption to shoppers as deliveries were delayed, some shelves were left empty, and customer data was stolen.

James Babbage, Director General (Threats) at the NCA, says this is characteristic of a younger generation of hackers, who are now “getting into cybercrime probably through gaming”.

Image caption: James Babbage, Director General (Threats), National Crime Agency
