It’s the incident that should keep every business owner up at night. It begs the question: Is your ransomware readiness plan good enough to save your business?
In late July 2025, a 158-year-old UK transport brand named Knights of Old (KNP) collapsed after a ransomware attack that began with a single, easily guessed employee password. The attackers encrypted operational data and demanded a multi-million-pound ransom that the firm couldn’t afford. Roughly 700 people lost their jobs and about 500 trucks were taken off the road.
Incident responders arriving the next morning reportedly found all data encrypted and servers, backups, and disaster-recovery systems destroyed. It’s a worst-case blast radius that left the company unable to recover, despite having cyber insurance. Estimates put the ransom demand as high as £5 million.
This is not a “UK transportation business problem.” Utah businesses such as Clinics, accounting and law firms, agencies, tech shops, financial services, retail, real estate, and service SMBs all rely on email, an internet edge, and restorable files. If those three fail together, the outcome looks the same.
A ransomware readiness plan is a proactive strategy that outlines how your business will prevent, detect, respond to, and recover from a ransomware attack. All businesses should have one implemented, even if you think your business is too small to be targeted.
Let’s break down this devastating attack and the lessons that can keep your business from going under for good.
Key Takeaways
-
A single weak password can trigger a total business shutdown.
-
Immutable, tested backups are the difference between recovery and collapse.
-
Cyber insurance helps with expenses but won’t restore lost data.
-
System segmentation limits how far attackers can move inside your network.
-
Email filtering and impersonation defense stop the most common entry point—phishing.
-
Regular restore drills prove your recovery plan actually works.
How did their ransomware readiness plan fail so spectacularly?
KNP’s ransomware readiness plan crumbled when it was needed most. The attack spread quickly, causing widespread chaos and shutting down core operations. Critical data was lost, customers were left unserved, and the business had no clear path to recovery. It was a breakdown on every front, leaving the company with no way to bounce back.
The mistakes that brought them down
- They used one weak password and no second step to sign in. This gave attackers easy access from the start.
- Their backups could be changed or deleted. Once the attackers got in, they wiped every copy.
- They let criminals move fast through their systems. The intruders quickly reached critical servers and tools.
- They relied on insurance to save them. The payout couldn’t bring back data, customers, or operations.
- They put everything on one system. When that system went down, the whole business stopped.
- They missed important alerts. Warnings that could have signaled trouble weren’t acted on in time.
- They left outside‑facing tools open or outdated. Hackers used these as easy entry points.
- They had no clear, printed plan for bad days. Staff didn’t know the exact steps to take when systems failed.
KNP had somewhat of plan. They had backups, they had insurance, they even had some alerts. But it didn’t work when it mattered most. So how about your business? Do you have a ransomware readiness plan that could actually save your business?
Ransomware Readiness – Review Your Setup
Do you really know how your network, email, and backups are set up? Even if you run a small shop, these are the areas that can make or break your recovery after a ransomware attack.
Consider the following setups
- Internet & Wi‑Fi: Let in only what you need. Keep registers/patient records/finance on their own network, separate from guest Wi‑Fi. When signing in to admin tools or working away from the office, use a secure firm connection and a code (two‑step sign‑in).
- Email: Block fake senders and risky links. Show an “External” label on mail from outside, and run a quick virus check on links and attachments before opening. Ask your IT to set your domain to reject look‑alike emails.
- Backups: Make daily copies no one can change or delete, stored away from your main system. Every quarter, restore a few files and write down how long it took so you know it works.
When your network, email, and backups are structured the right way, you give yourself a fighting chance to stay open, serve your customers, and recover quickly. Skipping these steps leaves you vulnerable to the same kind of collapse that took down KNP.
Industry-Specific Ransomware Readiness Tips
Your business runs on sensitive records, client details, and valuable information. Whether you’re a doctor, a lawyer, a retailer, a financial advisor, or in real estate, extra steps in protecting your systems can mean the difference between keeping prying eyes out and losing what matters most. These recommendations are about making sure your industry’s unique data stays safe, private, and recoverable—no matter the size of your shop.
Best practices for your industry
Clinics
Keep patient‑record systems off the regular office Wi‑Fi. Before opening lab PDFs, run a virus check. If anything looks suspicious, don’t open it. Keep automatic, tamper‑proof backups of patient records, and practice restoring a small sample each month.
Accounting
During tax season, call to confirm any request to change payment or bank details, and keep nightly, unchangeable backups of your client folders so you can restore them fast.
Law Firms
Always call to confirm any change to wiring instructions—never rely on email alone. Keep your document system separate from the regular office network. Make daily, unchangeable backups of case files and practice restoring a few files each month. When working away from the office, sign in through a secure firm connection with a code (two-step sign‑in).
Financial Services
Always call to confirm any change to wiring or account details. Be alert for look‑alike emails or websites. Only allow access to approved custodian sites. Keep unchangeable, read‑only copies of statements and client records for easy audits and quick restores.
Retail
Keep your registers (POS) on their own network, separate from guest Wi‑Fi and office computers. If an email invoice asks you to click a link or open a file, call the supplier first—don’t open unexpected attachments. Make a daily, unchangeable backup before the store opens so you can restore the same day if something goes wrong.
Real Estate
During closing week, always call to confirm wiring instructions—don’t trust email alone. Watch for emails or websites that look like yours but aren’t. Use your firm’s secure sign‑in when working on the go. Make daily, unchangeable backups of deal folders so you can restore them fast.
Agencies & Tech Firms
On weekends and after hours, limit logins and keep Remote Desktop turned off. Don’t click developer‑tool links from emails—open GitHub, Jira, or other project tools from your own bookmarks. Make daily, unchangeable backups of your design assets and source code so you can restore fast.
How 1Wire Boosts Your Ransomware Readiness
To recover from a ransomware attack, your most important systems must be protected and set up to limit damage. At 1Wire, we make sure your business is locked down and ready to fully restore if the worst happens.
Managed Firewalls
We block unwanted visitors and stop intruders from moving around if they get in. We separate critical systems, enforce a deny-by-default setup, and protect admin access with multi-factor authentication.
Email Gateway Security
We stop impersonation scams, scan links and attachments before they open, and block look-alike emails. This keeps your communication safe and reduces phishing risks.
Ransomware-Resilient Backups
We create unchangeable, off-domain copies of your files and test restores regularly so recovery works when needed. If disaster strikes, you can get back up and running quickly.
With 1Wire managing your network, email, and backups, your operations can be locked down during an attack and fully recovered after it.
Why Ransomware Readiness Starts Now
KNP’s 158 years of history didn’t protect them from one weak password. But with MFA, email filtering, and immutable backups, your odds change completely. The cheapest time to act is before a breach—downtime costs more than prevention.
Get started with 1Wire. Let’s make sure your weakest link isn’t the reason your business disappears.
FAQs
Does cyber insurance protect me from ransomware?
It can help pay for recovery costs, but it can’t bring back encrypted or deleted data—or lost customers.
What’s the best defense for ransomware readiness?
MFA for all logins, immutable backups, and phishing-resistant email filtering.
How often should I test backups?
At least quarterly—restore a few files and document the process.
Are small businesses really targeted?
Yes—attackers automate their scans, so they don’t care about company size.
