Tag Archive for: Royal

How Royal Mail’s hacker became the world’s most prolific ransomware group


As the UK’s Royal Mail grappled with the fallout of a ransomware attack, a purported member of the LockBit hacking group stepped forward on the weekend to take credit for the mayhem.

LockBit has been busy: in just the past month, it has claimed to have compromised 40 organisations, from a private school in Malaysia to a dental group in Sydney, helping it take the mantle of the most prolific ransomware gang in the world.

The group had already hit the City of London, ensnaring Kingfisher Insurance in October 2022. But Royal Mail, part of a £2.2bn delivery business, was its biggest target so far: a crucial part of the UK’s critical infrastructure that was suddenly left unable to send mail outside the British Isles.

The spotlight — both from rival hacking gangs and UK authorities — was finally on LockBit.

“Guys, you can calm down,” said the anonymous post, made in a private forum and shared with the Financial Times by a security researcher, as it revealed that a LockBit affiliate was behind the attack.

The hack, the post said, was carried out by an elite, top ten member of the sprawling LockBit gang, someone who specialised in the important jobs of decrypting and then deleting the stolen data after collecting the ransom.

Royal Mail has yet to officially confirm that LockBit breached its cyber defences, encrypted its data and is now holding it ransom. The company declined to comment on whether it was negotiating with hackers, or how long it expects the disruption to last.

During a parliamentary hearing on Tuesday, Royal Mail chief executive Simon Thompson told MPs he had been informed “that to discuss any fine details . . . would actually be detrimental”.

The week-long disruption to international deliveries comes after 18 days of strikes over the past five months, adding pressure to Royal Mail to resolve the situation. But it is facing off against an evolved version of the ransomware threat — security researchers describe LockBit as the most professional, sleekly efficient gang in the world.

LockBit has offered to pay $1,000 to people getting a tattoo with the group’s name © Cyberint

In the past year, the “founding fathers” of the group have taken…


Royal Mail’s ‘cyber incident’ appears to be a ransomware attack


British postal service Royal Mail’s ongoing cybersecurity incident is the result of an attack carried out using ransomware tools from Russia-linked hacking group LockBit, The Telegraph reports. Royal Mail disclosed the incident on Wednesday, saying that it’s unable to send packages internationally.

A ransomware note circulating on Twitter that was apparently sent to Royal Mail says that its data is “stolen and encrypted,” and threatens to publish it online if a ransom isn’t paid. The note namechecks “LockBit Black Ransomware,” which is thought to be LockBit’s latest encryptor. 

BleepingComputer reports that the ransom note contains links to LockBit’s data leak and negotiation Tor sites. But when contacted for comment by the publication, a spokesperson for the hacking group said that it was not behind the attack, and said someone else might be using its tools after they leaked last September. If this were the case, BleepingComputer notes, then Royal Mail would have no way of communicating with the attacker since the note links to LockBit’s sites.

A service update posted on Royal Mail’s website dated January 13th says it still can’t send packages internationally. “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident,” it reads. “We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue.”

The Telegraph reports that the ransomware has infected critical Royal Mail machines used to print customs labels for international shipments. The postal service, which was publicly owned prior to its privatization in 2013, is considered “critical national infrastructure,” according to BBC News.

“Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information,” Royal Mail’s notice continues. Its investigation is being assisted by GCHQ’s National Cyber Security Centre and the National Crime Agency. Royal Mail did not immediately respond to The Verge’s request for comment.


Royal Mail hit by Russia-linked ransomware attack


Royal Mail sorting office

Severe disruption to Royal Mail’s overseas deliveries has been caused by ransomware linked to Russian criminals, the BBC has been told.

The cyber-attack has affected the computer systems Royal Mail uses to despatch deliveries abroad.

Royal Mail has been warning customers since Wednesday of disruption due to a “cyber-incident”.

Its latest advice is for people not to try to send international letters and parcels until the issue is resolved.

Ransomware is malicious computer software that encrypts data and locks up systems.

The ransomware used in the attack is “Lockbit”, according to a source close to the investigation.

Computer security firms say the software has been developed and used by criminal gangs with links to Russia.

BBC cyber reporter Joe Tidy has seen a ransom note sent by the criminals to Royal Mail which reads: “Your data are stolen and encrypted”.

The ransom demand is expected to be in the millions, although sources close to the investigation say there are “workarounds” to get the system going again.

Ransomware attacks are a persistent threat to organisations the world over, with attacks happening on a nearly daily basis.

But this situation is highly significant, as Royal Mail is what is deemed “critical national infrastructure” – that is, it is critical to the UK economy.

The attack is not just affecting one company and its customers, but the communications and businesses of citizens at home and abroad.

Ransomware crews typically ramp up pressure on firms to transfer funds in a cryptocurrency such as Bitcoin to an anonymous digital wallet.

They will have a deadline and are likely to be threatening Royal Mail with the prospect of having potentially sensitive data published.

LockBit is thought to have strong Russian roots but the hacker that carried out the attack could be anywhere.

Last November a Canadian/Russian man was arrested for allegedly carrying out LockBit hacks from Canada.

A Royal Mail spokesman declined to comment on whether the attack was ransomware, but repeated warnings to customers that there is no end in sight to delivery disruption.

The firm is still unable to send letters and parcels overseas and says it is “working hard”…


Royal Mail alert as ‘easy to fall for’ scam could ‘drain bank accounts’


With the Royal Mail warning customers earlier this month that postage will be affected by striking workers, scammers have been seizing the opportunity to trick unsuspecting victims waiting for their parcels. Phishing attacks related to missed deliveries continue to be prevalent, making it vital to know what to look out for now more than ever.

The Royal Mail scam is simple: an email is sent out claiming that the person has missed a parcel or that it is being held. They are then redirected to a website that looks like the Royal Mail’s official site to arrange delivery.

They then have to enter their details on the site and depending on the version of the scam, they could either be asked to pay a small fee or call a premium rate phone number.

Jacco, computer security expert at Next Day Delivery, said: “This scam is known as a phishing scam and if you are waiting for a parcel or have ordered many gifts online this month then it’s easy to fall for.”

He continued: “The easiest way to tell if these emails are legitimate is to check the sending address of the emailer. You can do this on your computer or your phone by clicking on the person’s name.”

Verification code hijacking

Another common scam circulating is a malicious caller posing as a bank or another company with whom a person holds an account.

Mr Bulvshtein explained: “They’ll tell you there’s a problem with your account. They’ll then say that they’re sending a text message to you, with a code to prove your identity.

“By posing as an official company, they turn the tables on you. You’re put on the spot and expected to prove who you are. Actually, they’re the criminal, and they already have your password.”

He went on to say that the code the person might be handing over “will allow them to process a payment or log into your account” with two-factor authentication before warning that unfortunately, “many companies will no longer refund customers who willingly handed over a security passcode.”

Mr Bulvshtein suggested: “Be sure to use a password manager to create strong, secure, and unique passwords. Set up two-factor authentication on…
