Royal Mail is working to mitigate the impact after falling victim to a cyber attack thought to have links with Russia.
Service was disrupted earlier this month when a cyber attack disrupted the computer systems Royal Mail uses to send parcels abroad. Though the company has remained tight-lipped on the nature of the attack, many reports put it down to Lockbit – a ransomware program developed and used by criminal gangs with links to Russia.
That said, Lockbit has been used around the world and just last year a Canadian-Russian national was arrested in Ontario following the high-profile attack on Holiday Inn.
In the immediate aftermath of the attack Royal Mail suspended all overseas deliveries and only began starting again with “limited volumes” a week later. Its official advice is still to not yet send parcels abroad that need customs declarations.
Lockbit works by encrypting sensitive data, demanding a ransom payment (usually via Bitcoin into an anonymous wallet) for its ‘safe’ return. This safety is, as with all ransomware attacks, not guaranteed as files can often be scrambled beyond any use by any imperfect encryption or decryption software.
What makes Lockbit such a threat is that it automatically determines which targets are high value, then sets about replicating itself across that target’s network for maximum impact.
On the careful wording Royal Mail has used when talking about the incident, cyber reporter at the BBC Joe Tidy wrote: “The firm is still referring to the cyber-attack as a ‘cyber incident’ and is refusing to say publicly that it is ransomware, days after reporters confirmed it.
“These distinctions matter because ransomware attacks often involve the encryption, destruction or theft of company, and sometimes customer, data.”
As yet Royal Mail hasn’t confirmed the source of the hack or any details of the “operational workarounds” it’s using to try and solve the matter.