Search module is not installed.

Royal Mail hit by ransomware attack

13.01.2023

Royal Mail has been hit by a ransomware attack by a criminal group that has threatened to publish the stolen information online.

The postal service received a ransom note purported to be from LockBit, a hacker group that is widely believed to have close links to Russia.

Royal Mail was unable to send parcels or letters abroad after being hit by a cyber incident on Wednesday. The company asked customers not to submit new items for international delivery, even though domestic services and imports were unaffected.

Ransomware attackers exploit gaps in organisations security to install their own software and encrypt files so they are unusable. They ask for a ransom, often incryptocurrencies, which can be harder to trace because it is not reliant on the banking system.

The Telegraph said that printers at a Royal Mail distribution site near Belfast in Northern Ireland started printing ransom notes. The note said: Lockbit Black Ransomware. Your data is stolen and encrypted. Online security researchers posted photos purportedly showing the ransom note on social media.

The incident has been reported by Royal Mail, the National Cyber Security Centre, the National Crime Agency and the Information Commissioner's Office. It hasn't publicly revealed any details regarding the nature of the incident.

The National Health Service and businesses of almost every size are some of the organisations that have been hit by ransomware. The Guardian was hit by a ransomware attack last month.

Andrew Brandt, a principal researcher at Sophos, said Lockbit ransomware software was thought to have been developed by criminals from Russia and other former Soviet republics. It gives criminal affiliates access to the software in exchange for a cut of any ransoms.

Brandt said that ransom demands against organisations listed on a publicly available website ranged from $200,000 165,000 to almost 1.5 million.

Brandt said that Royal Mail is going to have to consider whether or not they are going to pay a ransom. I am a purist and say they should never pay these people anything. He said it can be a delicate balance for organisations depending on the severity of the attack and what data has been taken.

Royal Mail has not indicated when it will be able to resume international deliveries. A new ballot is scheduled this month to approve further industrial action in the dispute over pay and changes to working conditions, which has been heavily affected by workers recent strike action.

The delays are thought to be the biggest concern for the smaller exporting companies. She said that companies had already been through a tumultuous Christmas period after postal strikes, and this latest cyber incident is the last thing they need. It is an already challenging time for smaller exporters, according to Tina McKenzie, policy chair of the Federation of Small Businesses. The picture is very worrying because of the global supply chain disruption, rising shipping costs and more paperwork.