Royal Mail, 'Cyber Incident' Knackered International Mail

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Royal Mail confirmed a "cyber incident" has disrupted its ability to send letters and packages abroad, and also caused some delays on post coming into the UK.

The postal service, and the UK's National Cyber Security Centre and National Crime Agency, issued similar statements about the IT SNAFU on Wednesday, with Royal Mail advising customers to stop sending international mail until it fixed the problem. "We're experiencing disruption to our international export services and are temporarily unable to dispatch items to overseas destinations," the organisation tweeted. "We strongly advise customers to hold any export items while we work to resolve the issue." Royal Mail added it was "sorry for any disruption this may cause," and would not comment further. This is a developing story; we'll keep you updated as we confirm any other details.

The National Cyber Security Centre (NCSC) said it was "aware of an incident affecting Royal Mail Group Ltd" in a statement.
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
This is not the only thing that is 'knackered' with Royal Mail. We live less than 5 minutes' walk away from our local Royal Mail delivery office, yet we seem to only get about 3 deliveries a week, when it is supposed to happen on 6 days of the week; friends who live nearby report similar experiences. Royal Mail have been employing new staff on an initial 6-month contract, promising people a permanent contract if they do well. As the 6-month time period is neared they tend to terminate the contract and employ someone new. This avoids having to pay them more through a permanent contract. Postal delivery staff have been one of the numerous sectors of the UK's workforce going on strike in recent months; I don't blame any of them. The UK is 'knackered', Brexit sealed that fate.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
It seems to be LockBit group. That's harsh. Something tells me these guys are not going to be merciful this time like they were with Toronto's Sick Kids' Hospital.



Edit: further developments via Bleeping Computer. It's somewhat confusing as now there is talk that it's someone impersonating LockBit (?) But BC states some info (links in the ransom note leading back to the "real" LockBit site for example) contradicting that. Guess we'll see, right?

 

Stopspying

I think they are deliberately keeping quiet about some of the details, possibly to keep the ransomware gang guessing/buy time. It seems to be the international mail division that is hit, local deliveries seem to be happening. Apparently there are huge buildups at the 6 main Royal Mail depots at airports. This will likely have big knock-on effects for businesses, possibly hitting small traders really hard, so any response needs to take all of that into consideration. I don't know how much this may affect other nations' businesses - whether or not the UK mail system plays an important staging post in international mail operations. Possibly less so than pre-Brexit.

"...As first reported by The Telegraph, the attack on Royal Mail is now confirmed to be a ransomware attack by the LockBit operation, or at least someone using their encryptors.
The Telegraph reports that the ransomware attack encrypted devices used for international shipping and caused ransom notes to be printed on printers used for customs dockets.
BleepingComputer has seen an unredacted version of the printed ransom notes and can confirm that they include the Tor websites for the LockBit ransomware operation...."

 

plat

Stopspying said: "I think they are deliberately keeping quiet about some of the details, possibly to keep the ransomware gang guessing/buy time."

Interesting observation, this...clearly, you're not dealing with "ordinary" people here but those in alternative realities, with alternative rationales and justifications for the crimes they commit. (y)

Here's a little more info (not a whole lot) broken down into easily digested pieces. This obfuscating, I mean, it's like a squid discharging ink to keep you off its tail.

 

upnorth

The 60-year-old, who runs Blue Sky Vinyl, is lucky but he admits: "Their patience will only go so far." Why? Because Mr MacDonald, like many other small business owners, has been waiting for nearly a week to send out international orders via Royal Mail. And, as others have told the BBC, he has absolutely no idea when his shipments can resume. Last Wednesday, Royal Mail asked customers to stop sending letters and parcels overseas after criminals launched a ransomware attack on the company.
 
