Royal Mail hit by Russia-linked ransomware attack


Royal Mail sorting office

Royal Mail sorting office

Severe disruption to Royal Mail’s overseas deliveries has been caused by ransomware linked to Russian criminals, the BBC has been told.

The cyber-attack has affected the computer systems Royal Mail uses to despatch deliveries abroad.

Royal Mail has been warning customers since Wednesday of disruption due to a “cyber-incident”.

Its latest advice is for people not to try to send international letters and parcels until the issue is resolved.

Ransomware is malicious computer software that encrypts data and locks up systems.

The ransomware used in the attack is “Lockbit”, according to a source close to the investigation.

Computer security firms say the software has been developed and used by criminal gangs with links to Russia.

BBC cyber reporter Joe Tidy has seen a ransom note sent by the criminals to Royal Mail which reads: “Your data are stolen and encrypted’.

The ransom demand is expected to be in the millions, although sources close to the investigation say there are “workarounds” to get the system going again.

Ransomware attacks are a persistent threat to organisations around the world over with attacks happening on a nearly daily basis.

But this situation is highly significant, as Royal Mail is what is deemed “critical national infrastructure” – that is, it is critical to the UK economy.

The attack is not just affecting one company and its customers, but the communications and businesses of citizens at home and abroad.

Ransomware crews typically ramp up pressure on firms to transfer funds in a cryptocurrency such as Bitcoin to an anonymous digital wallet.

They will have a deadline and are likely to be threatening Royal Mail with the prospect of having potentially sensitive data published.

LockBit is thought to have strong Russian roots but the hacker that carried out the attack could be anywhere.

Last November a Canadian/Russian man was arrested for allegedly carrying out LockBit hacks from Canada.

A Royal Mail spokesman declined to comment on whether the attack was ransomware, but repeated warnings to customers that there is no end in sight to delivery disruption.

The firm is still unable to send letters and parcels overseas and says it is “working hard”…

Source…