It started with a simple glitch on a single computer. One of our office workers reported his screen had frozen. No one batted an eyelid. Why would they? Computer screens freeze all the time. It’s sure to be nothing, right?
But just a few hours later our entire IT system was down with not a single member of our 800-strong team able to log in to any of our software.
Most vitally, our Transport Management System was inaccessible – the platform where all routes are planned and detailed. As a haulage and logistics company with 350 trucks on the road, the stakes couldn’t have been higher. This wasn’t just a problem for the company, but a danger to the public.
At the time, I was Group Director and shareholder of KNP Logistics and this was my worst nightmare.
Emergency protocols kicked in and our nearly 800 employees resorted to running our logistics network – worth more than £100million a year – via mobile phone. In a surreal moment, there was a scramble to find and distribute pens and paper as we resorted to working the ‘old-fashioned way’.
Meanwhile, IT experts rushed to find a solution, eventually shutting down our entire network. But when they rebooted the system, a file appeared that made my blood run cold. ‘Hi friends,’ read the terrifying message that popped up on the screen. ‘If you’re reading this, it means the internal infrastructure of your company is fully or partially dead.’
The text – written in white on a black background – then provided information on how to pay an as yet undisclosed ransom, before the hackers signed off: ‘The faster you will get in touch [sic], the less damage we cause.’
I’ll never forget that sobering moment or the feeling of sweat running down the back of my neck. Responsible for the cyber attack was the notorious Akira gang, understood to be based in Russia. The FBI believes Akira have made over $42million in the past year alone from 250 separate cyber attacks.
Paul Abbott was the Group Director and shareholder of KNP Logistics when the firm suffered a cyber attack
So when I read the news in recent weeks that Marks & Spencer, Harrods and the Co-op have all suffered their own horrific cyber attacks, it was all rather too close to home.
Only on Tuesday, M&S confirmed the breach had resulted in the theft of ‘personal customer data’.
In my experience, customers can forgive operational issues, but the loss of personal data is different and far more troubling. It’s one thing if the checkouts aren’t working efficiently – it’s another if your name, address and god knows what else are in the hands of international cyber criminals.
M&S wrote a letter to customers suggesting payment details were likely not part of the leak. The retailer added that ‘everyone at M&S is working around the clock to get things back to normal as quickly as possible’.
I remember telling my own customers exactly the same thing. Three months later the entire business – which traced its roots back 160 years – folded with the loss of some 730 jobs and livelihoods. The cyber attack on KNP Logistics back in 2023 – when I was on the board – was ruinous for the company and took a considerable personal toll.
Based in Northamptonshire and with more than 350 trucks and 500 trailers in operation, it was one of the largest private companies of its kind in the UK, turning over £100million each year. We’d worked hard to invest in cutting-edge technologies and our staff were well trained in cyber security and the danger of phishing emails.
We bought firewall protections, the latest software and spent a hefty £40,000 on cyber security insurance covering us for up to £1million. Admittedly, I never dreamt I’d have to use it.
And then on June 12, 2023, my life changed forever. It was late in the evening and one of our night operators – co-ordinating haulage drivers out in the field – was struggling to get access to the Transport Management System.
It wasn’t until people started arriving for work the next morning that we realised something was really wrong.
A notorious Russian gang was to blame for the cyber attack, leaving a ransom note with atrocious spelling and clunky grammar
Employees were logging in to their systems only to be booted straight back out again. It was at this point that I noticed our IT team really start to panic – and also when I first heard someone utter the words: ‘cyber attack’.
By mid-morning our manual contingency operation was in full flow. We’d gone from Microsoft Excel to pen and paper. It was stressful, but there was hardly time to panic.
I tried to remain calm and keep the team motivated while under immense pressure, reassuring colleagues that, like with power outages in the past, we’d likely be up and running within a few hours. However, later that day, as IT rebooted our servers, the ransom note floated to the top of the digital pile and brought the world crashing down around us.
I knew immediately that the hackers must be from overseas because the spelling was atrocious and the grammar clunky. Though I had no idea at this point that a notorious Russian gang was to blame.
‘Well, for now let’s keep all the tears and resentment to ourselves and try to build a constructive dialogue,’ read the note, now etched into my memory. ‘We’re fully aware of what damage we caused by locking your internal sources...’
A list of five points detailed what the gang would do next. First, examine our financial records before deciding upon a realistic ransom sum.
The second point assured us we could have our systems up and running within approximately 24 hours if we paid up. The third – almost comically – told us they would provide a ‘security report’ upon payment revealing how they had accessed our system.
The penultimate point warned they would sell our data on the DarkMarket if we failed to comply, while the final point assured us the gang was willing to negotiate.
As the recent ruinous attacks on retail stores like Marks & Spencer, whose stores are still struggling with stock issues, show, no company is immune from the terrorising threat of faceless cyber criminals, Paul Abbott writes
The note concluded with details of how to contact them using the so-called Tor Browser, more commonly known as the ‘dark web’, which is favoured by criminals the world over due to the untraceable nature of transactions and users within it.
Fourteen hours after the initial disruption, I called our insurer, and an incredible machine kicked into gear.
Aviva hired Solace Global Cyber to take control of the situation and the following morning seven people arrived at our office in Kettering and set up their own equipment, plugging into our servers and taking control of our tech infrastructure.
The process was painfully slow and required patience. These were surreal days and long, gruelling nights. I’ve never been afraid of hard work but this was unprecedented. And all the while, our team kept the show – quite literally – on the road.
At the same time, thoughts started running through my head. How had we been breached? Was it an inside job?
We trusted all our employees but you never quite know what’s happening in someone’s private life, whether they are having money problems or just fancy making a quick buck when propositioned by a hacker group.
On the other hand, had we done everything right or had a mistake meant we were in breach of the insurance policy and would ultimately be liable for footing the bill ourselves? (Fortunately the policy terms had been complied with.)
The forensics team would eventually reveal to me that one member of staff, who did not use two-factor authentication (now a fairly standard form of IT security), had had their password compromised, leading to the breach. That employee was one of our best: they were diligent and wholly trustworthy.
To this day, I haven’t revealed who it was, because, quite frankly, I couldn’t bear for them to feel the guilt.
Eventually, we decided – on advice – not to pay the ransom. The mooted figure was between $2.3million and $5.7million.
Not only did we not have that money to hand, having recently opened a new warehouse in Luton, but even if we did get our data back there was no guarantee it wouldn’t be corrupted or unusable.
Instead, we started building our IT systems again from scratch. Sadly, however, losing all our data was something we never recovered from. The firm was unable to borrow money as we had no means of producing the kind of financial information required by lenders or new investors. Similarly, it was difficult to take on new customers – though throughout the entire horrific ordeal, we only lost one customer thanks to the dedication and brilliance of the team.
However, on September 23 – three months after the attack – the administrators were called in. It was a desperate moment. Although we’d done everything right, the board and I couldn’t help but feel sick to our stomachs that this had happened on our watch.
I’m now 58 and it’s back to humble beginnings. I have a young family and a mortgage; I’ve got to earn a living. So, I’ve got up and I’ve got on, starting a new haulage firm, Yarrow Group Ltd, with my wife. I also spend a lot of time providing consultancy to logistics and transport groups warning them as to the dangers of cyber attacks and what they can do to properly protect themselves.
Sadly – and frustratingly – so many businesses still don’t fully understand the risks involved with cyber crime.
KNP Logistics had a proud history going back to 1865.
Yet it was bulldozed in just three months.
And as the recent ruinous attacks on retail stores like Marks & Spencer, Co-Op and Harrods show, no company is immune from the terrorising threat of faceless cyber criminals who can operate from anywhere in the world with nothing more than a laptop and an internet connection.