Royal Mail stands firm as LockBit leaks data and renews ransom demand


Alex Scroxton


Published: 24 Feb 2023 11:15

The LockBit ransomware gang has leaked a tranche of data exfiltrated from Royal Mail’s IT systems during its January 2022 cyber attack, and set a fresh ransom demand of £33m as it renews its efforts to force the postal service to pay.

The respected Russian-speaking ransomware operation had previously set a £66m ransom demand – which Royal Mail rejected as an “unreasonable” amount of money – before dropping it to roughly £47m.

It broke off negotiations with the postal service on or around 9 February but, despite its initial threats, did not release any of the data it took until 23 February, when a 44 GB dump was leaked via its dark web site.

According to initial analysis, the contents of the files relate to numerous parts of Royal Mail’s business, and include technical information, contracts with third-party suppliers, personnel and staff disciplinary records, details of salaries and overtime payments, and even one employee’s Covid-19 vaccination records.

A Royal Mail spokesperson said: “Royal Mail understands that an unauthorised third party has released some data presumably obtained from our network. The cyber incident affected a system concerned with shipping mail overseas.

“At this stage of the investigation, we believe that the vast majority of this data is comprised of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with police,” they said.

The impact of the January attack on Royal Mail’s customers has now largely passed, with the last remaining international services through Post Office branches restored earlier today.

At the peak of the disruption, the organisation was completely unable to process or dispatch any letters or parcels to destinations outside the UK, leaving many small business owners who rely on its services to ship goods to customers overseas in an extremely difficult position.

At the time of writing, Royal Mail said it was currently processing “near to normal” daily volumes of mail, with some residual delays, and while things are returning to normal, it is possible that customers may still encounter some problems when sending letters and parcels abroad over the coming days and weeks.

The Post Office, meanwhile, has said it will increase compensation for postmasters for a time to help them recover some of the business they lost to the service disruption.

Tim Mitchell, security researcher and LockBit thematic lead at Secureworks, commented: “The bulk of attacks on organisations by gangs like LockBit are opportunistic, exploiting a vulnerability or stolen credentials and grabbing whatever data they can regardless of what it is. It’s important to remember that even if the data does not contain PII [personally identifiable information] or what Royal Mail would consider sensitive, it could still be valuable to threat actors.

“Royal Mail may not regard the data that was taken, and has now been released, as sensitive, but that didn’t stop its international operations being significantly impacted for 6 weeks. Regardless of the financial ransom demand, the operational pain that LockBit has caused the business is proof of the damage ransomware can inflict on an organisation,” said Mitchell.
