Hacking group linked to Russia allegedly behind Royal Mail cyber incident
A Russia-linked hacking group is allegedly behind the Royal Mail cyber incident that has left more than half a million parcels due for international postage unable to be delivered.
The group, known as Lockbit, are believed to be responsible for the incident which is preventing the postal service to send letters and parcels abroad.
The Telegraph reported that sources familiar with the Royal Mail investigation said the hacking group’s ransomware, Lockbit Black, had infected machines used by the Royal Mail to print customs labels used to send parcels outside the United Kingdom.
Lockbit’s signature ransomware scrambles files and leaves a message demanding payment in cryptocurrency to reverse the damage. The note allegedly says: “Lockbit Black Ransomware. Your data are stolen and encrypted.
"You can contact us and decrypt one file for free."
Printers at a Royal Mail distribution centre in Northern Ireland reportedly started printing copies of the ransom note. This is known to be a tactic of the hacking gang.
A spokesperson for the Royal Mail said: "Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.
"We are temporarily unable to despatch export items including letters and parcels to overseas destinations. We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue. Some customers may experience delay or disruption to items already shipped for export. Our import operations continue to perform a full service with some minor delays.
"Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information. We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.
"We would like to sincerely apologise to impacted customers for any disruption this incident may be causing."
The National Cyber Security Centre, which is part of GCHQ, is working with the National Cyber Security Centre (NCSC) to investigate the extent of the impact.
A National Crime Agency spokesperson said: “We are aware of an incident impacting Royal Mail Group Ltd. NCA officers are working alongside partners in the NCSC to fully understand its impact.”