The infamous LockBit ransomware cartel is suspected of being behind an ongoing cyber security incident at the UK’s Royal Mail, which has crippled IT systems and left the postal service unable to dispatch letters and parcels overseas.
Leaked copies of the ransomware note appear to identify the prolific Russia-based gang as the culprits. As is standard practice, the perpetrators claimed to have both encrypted and stolen Royal Mail’s data. The value of the ransom being demanded was not disclosed, although it is likely to be at the high end of the scale.
Although the ransom note is understood to include genuine links to dark web leak sites and negotiation tools used by LockBit, security news website Bleeping Computer earlier reported there is a chance that the threat actor behind the attack is using a leaked version of LockBit’s ransomware builder and may not be directly associated with the gang.
Royal Mail has neither confirmed nor denied the veracity of the claims. In a service update earlier this morning (Friday 13 January), the organisation said: “Royal Mail is experiencing severe service disruption to our international export services following a cyber incident.
“We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing.
“Our import operations continue to perform a full service, with some minor delays. Parcelforce Worldwide export services are still operating to all international destinations though customers should expect delays of one to two days.
“Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information. We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.”
LockBit has claimed multiple victims in the UK in the past six months – including NHS software supplier Advanced – and is one of the most highly active ransomware cartels on the current scene.
It is also considered to be one of the more sophisticated operations in play, and its locker malware is regularly updated and upgraded to make it a more dangerous threat, and to throw investigators, researchers and journalists off the gang’s scent.
One of its most recent high-profile attacks took place on Christmas Day 2022, against the Port of Lisbon Administration (APL) in Portugal.
Tim Mitchell, Secureworks Counter Threat Unit senior security researcher, said: “If this was the work of LockBit, the scale of the impact of the incident will very much depend on the particular affiliate involved.
“The core individuals behind LockBit ransomware run arguably the most prolific ransomware-as-a-service scheme, so it’s no wonder it accounted for nearly a third of named victims across all ransomware leak sites in 2022,” he said.
“LockBit has been used to perform everything from broad network-wide encryptions that have crippled organisations through to deploying ransomware to only a few hosts with limited impact on the victim’s operations.
“Until we know the details of this incident, we won’t know for sure how impactful this will be long term on Royal Mail,” added Mitchell.
Orange Cyberdefense head of UK strategy, Dominic Trott, said that, as a result of a previous customer data leak in November 2022 that forced Royal Mail to temporarily suspend its Click and Drop online service, the organisation may have been better able to respond to the current attack.
“This earlier breach means it has had recent ‘practice’ of the UK Information Commissioner’s Office (ICO) mandatory breach notification process. Nonetheless, Royal Mail will have been well prepared for this type of incident, and it has clearly made the necessary authorities aware in a timely manner to limit the potential damage,” said Trott.
“Specifically, it has already publicised that it is working with the UK’s National Cyber Security Centre and the ICO to investigate the incident. But further, as a component of the UK’s critical national infrastructure as determined within UK law by the Network and Information Systems Directive, it must adhere to higher standards of operational resilience – including from a cyber resilience perspective – than most organisations.”

