Cyber Attack on Royal Mail Likely Result of Lockbit Ransomware

by Dorene Rettas on (January 14, 2023 at 4:32 PM)

On January 11, 2023 Royal Mail notified customers of a disruption of service initially noted as a “cyber incident.” That incident has now been confirmed to a cyber-attack, a result of Lockbit ransomware with ties to Russian criminals.

Royal Mail Under Attack

Royal Mail initially referred to the disruption, which was reported last week, as a cyber incident but has since been said to be a cyber attack with ties to Russian criminals. While continuing to face a “major service disruption” the company has requested customers not to send any mail or parcels internationally.

royal mail cyber attack

The back-office system used to prepare mail to be sent, track and trace mail and items sent abroad by Royal Mail was affected by the cyber-attack. It is used at six sites, including Royal Mail’s Bristol site and its huge Heathrow distribution center in Slough. In its statement, Royal Mail said it was temporarily unable to dispatch export items, including letters and parcels to overseas destinations.

Ransomware Demand

The hacker group, thought to have links to Russia, LockBit, has claimed the attack. According to The Telegraph, the group was able to get the printers at a Royal Mail distribution site near Belfast in Northern Ireland to start printing ransom notes that threatened to publish the stolen information online.

The note stated: “Lockbit Black Ransomware. Your data are [sic] stolen and encrypted... …you can contact us and decrypt one file for free." The gang also threatened to publish stolen data on the dark web.

What is Lockbit?

Lockbit Black, Lockbit’s signature ransomware, scrambles computer files and demands payment in cryptocurrencies that are hard to trace in exchange for unscrambling them.

LockBit ransomware is malicious software utilized to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network.

TheLockbit Gang is the name for the criminals behind it and are widely believed to have Russian ties.

Continued Chaos

Royal Mail has not stated when the system disruption will be rectified, but it’s believed to be at least a week. Currently, team of engineers were trying to find a 'work around' after two days of chaos, The Times quoted a Royal Mail source as saying.

We're experiencing disruption to our international export services and are temporarily unable to despatch items to overseas destinations.

Please do not post any export items while we work to resolve the issue.

Sorry for any disruption this may cause.
— Royal Mail (@RoyalMail) January 12, 2023

The Government's National Cyber Security Center and the National Crime Agency as well as external experts have been brought in to help fix the problem.

Topics: Cyber Incidents

Share this