A cyberattack was carried out on Royal Mail on January 12th. The ransomware message was printed by the distribution centre printers. It impacted all deliveries, though international shipments faced the most challenges.
Details of the attack
The postal service and courier company Royal Mail suffered a cyberattack on January 12th. The attack took place at a distribution centre near Belfast, Northern Ireland. The distribution centre’s printing equipment started printing ransom notes informing them their data had been stolen and encrypted. The gang responsible for the attack threatened to publish the stolen data on the dark web as well.
An attack from LockBitSupp
The attack was carried out using a method specific to LockBitSupp, a gang linked to Russia. They created a ransomware encryptor called LockBit Black and have already targeted multiple establishments including a hospital. LockBitSupp operating mode is to get the printers inside the targeted establishment to print out the ransom notes.
The ransom notes included two Tor websites addresses linked to the LockBit ransomware operation. Multiple security researchers said the description ID to the Tor websites did not work. However, it is unclear if the gang deleted the ID because the ransom notes were leaked to the press, or if the negotiations were moved to a new ID.
The aftermath of the attack
Royal Mail still hasn’t said publicly they suffered a ransomware attack. They only refer to it as a “cyber incident” and disclose very little information to the public. Being a private company, Royal Mail is still required to keep the authorities and regulators informed of the evolution of the situation. The National Cyber Security Centre, a branch of the UK’s Government Communications Headquarters, and the National Crime Agency are currently investigating the attack.
The attack forced them to cease all international deliveries activities. Royal Mail urges companies and private individuals to wait as long as possible to submit parcels and letters for international deliveries. As of January 18th, the export of parcels has been restarted. Nevertheless, Royal Mail has declared that the operations will take time to return to normal.
Maud Igersheim
M2 Cyberjustice – Promotion 2022/2023
Sources :
It is really frightening that a company of this size can be hit by something like this.
We use ParcelForce a lot and have not noticed any delays or disruptions to the service, but we are based in mainland UK and not Northern Ireland, so it might not have impacted UK operations.
The main delays were caused by the recent strikes, but these seem to have finished now and service restored to normal.