A Russia-linked ransomware gang is reportedly behind the Royal Mail cyber attack that forced it to suspend international postal deliveries and may also have affected the company’s sorting base in Mallusk.
The Telegraph has reported that the attack, which paralysed the postal service’s ability to send letters and parcels abroad and left more than half a million parcels and letters stuck in limbo, was carried out by a gang called Lockbit, which is understood to have close links with Russia.
According to the newspaper, Lockbit’s signature ransomware scrambles files on computers and flashes up a message demanding payment in hard-to-trace cryptocurrencies as the price for unscrambling them again.
A printer in the Northern Ireland hub began spurting out ransom demands on Tuesday, which threatened that data stored by the company would be released on a dark web site maintained by Lockbit.
A ransom note, seen by The Telegraph, said: “Lockbit Black Ransomware. Your data are stolen and encrypted [sic].” “You can contact us and decrypt one file for free,” the note continues.
On Wednesday, a spokesperson for Royal Mail said: “We currently have a technical issue at the Mallusk Delivery Office which is under investigation.”
Separately on Wednesday, the company said it is facing severe disruption to its international export services after a “cyber incident”.
“We are temporarily unable to despatch items to overseas destinations,” it said. “Some customers may experience delay or disruption to items already shipped for export.”
Royal Mail added that it had launched an investigation into the incident, was “working with external experts” and “sincerely apologised” to customers for the disruption.
Declining to comment further, it added in a statement to The Telegraph: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue”.
Lockbit is thought to have extorted around $100m (£82m) from its victims and previously targeted car dealership chain Pendragon as well as children’s hospitals.
One of its members posted in an online chat: “We benefit from the hostile attitude of the West (towards Russia). It allows us to conduct such an aggressive business and operate freely within the borders of the former Soviet (CIS) countries.”
The new attack comes after Royal Mail was subject to a data breach last November.
The company’s Click & Drop shipping service appeared to have leaked customer information when, for a time, some users were able to view information belonging to other customers and their orders.
The delivery feature, which is used by both individuals and businesses, briefly became unavailable shortly afterwards with Royal Mail issuing a statement saying it was made aware of “an issue and was investigating”.
“We have been made aware there was an issue affecting Click & Drop that meant some customers could see other customers’ orders,” it said at the time.
“As a protective measure, we have stopped access to Click & Drop temporarily,” the statement added. “We fully understand and apologise for the inconvenience caused by this. Our engineers are working as hard as possible to get the site back up and running as expected.”