Royal Mail restores global shipping weeks after LockBit ransomware attack

U.K. postal giant Royal Mail says it has finally restored international shipping after a ransomware attack downed its export services for over a month.

Royal Mail spokesperson Mark Street told TechCrunch on Thursday that it has reinstated international export services to all destinations for purchase online and at Post Office branches. “We are now processing close to normal daily volumes of international export mail with some delays,” Street said. In an incident update dated February 23, Royal Mail noted a “small number” of international untracked services for business contract customers continue to face some disruption.

Royal Mail faced severe disruption for six weeks after a January 10 cyberattack left the company unable to dispatch certain items overseas. While the organization had reinstated most online services in recent weeks, Royal Mail could not, until now, process international parcels at its 11,500 Post Office branches.

According to the BBC, Royal Mail ships to 231 countries and territories worldwide and shipped more than 150 million parcels overseas in the past year.

Royal Mail’s long-awaited service update comes as the Russia-linked LockBit ransomware gang, whose high-profile victims have also included NHS vendor Advanced, published some of the data it stole from Royal Mail on its dark web leak site. The prolific ransomware gang initially threatened to publish all stolen data on February 9.

The 45 gigabyte data dump published by LockBit, reviewed by TechCrunch, doesn’t appear to include sensitive customer or financial information, though it does contain at least one employee’s COVID-19 vaccination details.

“Royal Mail is aware that an unauthorized third-party has published some data allegedly obtained from our network,” Street told TechCrunch. “At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with law enforcement agencies.”

Earlier this week, LockBit published what it claimed was the full transcript of its negotiations with Royal Mail, which included an initial $80 million ransom demand to provide a decryption tool and to stop the publication of data. LockBit later lowered its demand to $40 million. It’s not clear if Royal Mail paid any of the ransom, and Royal Mail’s spokesperson Street declined to say.

LockBit earlier this month also claimed an attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes. The gang threatened to leak data stolen from the company on February 4, though Ion has yet to show up on LockBit’s leak site.

It’s unclear if Ion paid LockBit’s ransom demand, and it’s not yet known how much and what types of data were stolen from the company.

Royal Mail’s ransomware attack:

January 11: Royal Mail warns of severe disruption after ‘cyber incident’
January 17: Royal Mail CEO confirms cyberattack downed UK postal service
February 7: LockBit ransomware group threatens to publish stolen Royal Mail data
February 14: Royal Mail refused to pay ‘absurd’ LockBit ransom, chat logs say

Royal Mail restores global shipping weeks after LockBit ransomware attack by Carly Page originally published on TechCrunch