Toni Dimaano Tech 02.07.2023 22:Feb PM EST

LockBit Ransomware Group Takes Responsibility Of Recent Royal Mail Attack

The cyberattack on Royal Mail, the top mail delivery provider in the UK, has been claimed by the LockBit ransomware operation.

According to Bleeping Computer, due to "severe service disruption," this compelled the company to cease its international shipping services.

LockBit Previously Denied Its Involvement In The Cyberattack

Following the distribution of copies of the ransom note on January 13, speculation about LockBit's involvement in the Royal Mail cyberattack initially surfaced.

While initially attempting to deny responsibility, the group eventually claimed that an affiliate had carried out the breach without the operator's knowledge.

Initially, the group claimed that the attack was the consequence of a disgruntled developer leaking its source code.

Using the LockBit 3.0 ransomware generator that was disclosed on Twitter in September 2022, they claimed that the attack was the work of other hackers.

After determining that one of its members had installed ransomware payloads on Royal Mail's systems, LockBitSupp posted on a hacking site to confirm that LockBit was responsible for the attack.

Additionally, the representative for the ransomware group stated that until a ransom is paid, they will not provide a decryptor or remove data that has been taken from the network of Royal Mail.

Currently, the Royal Mail attack entry on LockBit's data breach site states that on Thursday, February 9, at 03:42 AM UTC, stolen data will be made available online.

This indicates that the ransom demand made by the ransomware gang, the sum of which is still unknown, has not been satisfied, Tech Crunch writes.

Although Royal Mail has not publicly acknowledged the LockBit ransomware attack, spokesman Mark Street claimed the company is aware that an unauthorized third party infiltrated its network.

Additionally, Royal Mail, according to Street, thinks that technical program files and administrative business data make up the majority of this data.

With this, Street claims that all of the evidence points to the fact that this data is devoid of any critical consumer or financial information.

Royal Mail Want To Downplay The Attack As An 'Incident'

On January 10, Royal Mail became aware of the attack and enlisted the aid of external forensic specialists to assist with the investigation.

The company also informed UK security agencies about the incident, which is being looked into by the National Crime Agency and the UK National Cyber Security Centre (NCSC)

The company continues to refer to the attack as a "cyber incident" for the time being and claims to have recovered some of the services that were affected.

The issue that occurred last month follows one in November 2022, which caused the Royal Mail's tracking capabilities to be unavailable for more than 24 hours.

According to Bleeping Computer, Royal Mail's ongoing IT issues came at a time when its mailing services are already under pressure due to scheduled nationwide strikes and ongoing discussions with the Communication Workers Union.

Due to the incident, which happened more than a month ago, Royal Mail claimed it is still experiencing service disruption.

In an update dated February 7, the business stated that it continues to make progress using substitute methods and systems that were not impacted by the cyberattack.

However, the company is still unable to handle foreign packages at Post Office locations throughout the United Kingdom.

According to some accounts, ransomware that infected printers used to create customs labels for packages delivered to foreign countries was targeting Royal Mail.

It is important to note that over 200 countries and territories are served by Royal Mail, which sent 200,000 shipments daily last year, Tech Crunch notes.