The ongoing Royal Mail cybersecurity incident is the result of an attack carried out using ransomware tools from the Russia-affiliated hacking group LockBit, The Telegraph reports. Royal Mail announced the incident on Wednesday, saying it cannot ship parcels internationally.
A ransomware note circulating on Twitter, which was apparently sent to Royal Mail, says the data was “stolen and encrypted” and threatens to publish it online if a ransom is not paid. The note name-checks “LockBit Black Ransomware”, which is believed to be LockBit’s latest encryptor.
BleepingComputer reports that the ransom note contains links to LockBit’s data breach and negotiation Tor sites. But when the publication reached out for comment, a spokesperson for the hacking group said it was not behind the attack, saying someone else could be using its tools after they leaked last September. If this were the case, BleepingComputer notes, there would be no way for Royal Mail to communicate with the attacker, as the note links to LockBit’s sites.
A service update posted on the Royal Mail website as of January 13 says it still can’t ship packages internationally. “Royal Mail is experiencing a serious disruption to our international export services due to a cyber incident. We are temporarily unable to ship items to overseas destinations. We strongly recommend that you temporarily hold export mail items while we work to resolve the issue.”
The Telegraph reports that the ransomware has infected critical Royal Mail machines used to print customs labels for international shipments. The post, which was owned by the government prior to privatization in 2013 is according to BBC News.
“Our teams are working around the clock to resolve this outage and we will update you as soon as we have more information.” The investigation is being assisted by GCHQ’s National Cyber Security Center and the National Crime Squad. Royal Mail did not immediately respond to The Verge’s request for comment.