Royal Mail cyberattack linked to LockBit ransomware operation

2 months ago · 0 comments

Royal Mail, the UK's international postal service and courier company, announced this week that a cyber incident has caused major disruptions to international export services, preventing the company from sending goods to other countries.

Now the company is working around the clock to eliminate the consequences of a cyber attack. Hundreds of thousands of letters and parcels are in limbo, their delivery may be delayed indefinitely. In addition, Royal Mail immediately launched an investigation and brought in outside experts to help. The organization is currently working with the UK government's National Cyber Security Centre, the Royal Mail Service and the National Crime Agency.

While the investigation and work to restore the company's servers is underway, Royal Mail urged the British to refrain from overseas shipments.

According to media reports, the attack on the mail service was carried out by LockBit or someone who used their ransomware. The attackers encrypted the devices used to process international shipments and forced the printers for customs documents to print ransom notes.

The notes say that they were created by LockBit Black ransomware, which includes parts of the code previously used by the BlackMatter group. In addition, the notes contain links to sites on the darknet where the attackers post the leaked data and communicate with the victims, including the "ID for decryption" required to enter the chat with the group's representatives.

According to experts, this ID does not work. It is not yet clear why the attackers did this, but there are suggestions that in this way they are trying to avoid unnecessary attention from the media and researchers.

In turn, LockBit denies any involvement in the incident and blames other groups that use the builder leaked to the dark web.