The gang’s members are believed to have close links to Russia.
A Lockbit member said in a blog post published on the dark web last year: “We benefit from the hostile attitude of the West (towards Russia). It allows us to conduct such an aggressive business and operate freely within the borders of the former Soviet (CIS) countries.”
Tim Mitchell, a senior researcher at cyber security company Secureworks, said the impact of the attack was likely to be very serious.
He said: “The core individuals behind LockBit ransomware run arguably the most prolific ransomware-as-a-service scheme, so it’s no wonder it accounted for nearly a third of named victims across all ransomware leak sites in 2022.”
Russia-linked hacker gangs have been one of the main online threats to businesses over the last decade or more.
At the start of Russia’s invasion of Ukraine many gangs began carrying out cyber attacks at the direction of Russian spy agencies, according to cyber security researchers.
Prior to the February 2022 invasion, US President Joe Biden had held phone calls with Vladimir Putin to encourage his Russian counterpart to hand over suspects wanted by US law enforcement authorities.
“I made it very clear to [Putin] that the United States expects, when a ransomware operation is coming from their soil even though it’s not, not, sponsored by the state, that we expect them to act,” the US president said in July 2021.
Russian authorities have been slow to act against ransomware suspects wanted by the West.
Some gangs openly flaunt their stolen wealth in Russia, being seen driving cars such as Lamborghinis and Ferraris.
One alleged Lockbit member has been charged by US authorities with taking part in the gang’s global ransomware spree.
Mikhail Vasiliev, 33, of Bradford, Ontario, a dual Russian-Canadian citizen, is currently awaiting extradition from Canada. There is no suggestion that he was involved in the Royal Mail cyber attack.
Prosecutors allege Mr Vasiliev conspired to intentionally damage protected computers and sending ransom demands, charges which carry a maximum five year prison sentence.
The chief of the National Cyber Security Centre, Lindy Cameron, has previously described ransomware as the number one cyber threat facing British businesses.