Passphrase and 2FA , better an physical token access, is the minimum in a company, apart a backup of all important data. These hackers are in need to be send a Guantanamo, but also the IT employees of this company, a weak password without 2FA and backups are also a crime in a company.

Andi’s writeup

A weak employee password led to the collapse of KNP, a 158-year-old British transport company, after hackers from the Akira ransomware group gained access to their systems in 2023[^1]. The attackers encrypted the company’s data and left a ransom note stating “If you’re reading this, it means the internal infrastructure of your company is fully or partially dead”[^2].

Unable to pay the estimated £5 million ransom demand, KNP lost all its financial records and operational data[^1]. Despite having cybersecurity insurance and industry-standard IT protections, the company went into administration three months after the attack, resulting in 730 job losses[^3].

“We need organisations to take steps to secure their systems, to secure their businesses,” said Richard Horne, CEO of the National Cyber Security Centre[^1]. The hackers gained entry through a “brute force” attack by guessing one employee’s password - a person who was never told they were the weak link that led to the company’s demise[^4].

[^1]: Weak password allowed hackers to sink a 158-year-old company - BBC

[^2]: The Times - My company thrived for 150 years

[^3]: The Straits Times - How a ransomware attack caused a British company to go bust

[^4]: The Times - My company thrived for 150 years

That is what I mean, that the IT employees of this company also are worth to go into jail, because stupids and the worst professionals ever seen. If you get hacked as an user, it don’t cause more than that you invent a lot of new NSFW words and the lost of some documents and selfie photos, but in a company this isn’t aczeptable, because the result is seen here.