Royal Mail, 'Cyber Incident' Knackered International Mail

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
Royal Mail confirmed a "cyber incident" has disrupted its ability to send letters and packages abroad, and also caused some delays on post coming into the UK.

The postal service, and the UK's National Cyber Security Centre and National Crime Agency, issued similar statements about the IT SNAFU on Wednesday, with Royal Mail advising customers to stop sending international mail until it fixed the problem."We're experiencing disruption to our international export services and are temporarily unable to dispatch items to overseas destinations," the organisation tweeted. "We strongly advise customers to hold any export items while we work to resolve the issue." Royal Mail added it was "sorry for any disruption this may cause," and would not comment further. This is a developing story; we'll keep you updated as we confirm any other details.

The National Cyber Security Centre (NCSC) said it was "aware of an incident affecting Royal Mail Group Ltd" in a statement.
 

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
This is not the only thing that is 'knackered' with Royal Mail. We live less than 5 minutes walk away from our local Royal Mail delivery office, yet we seem to only get about 3 deliveries a week, when it is supposed to happen on 6 days of the week, friends who live nearby report similar experiences. Royal Mail have been employing new staff on an initial 6 months contract, promising people a permanent contract if they do well. As the 6 months time period is neared they tend to terminate the contract and employ someone new. This avoids having to pay them more fthrough a permanent contract. Postal delivery staff have been one of the numerous sectors of the UKs workforce going on strike in recent months, I don't blame any of them. The UK is 'knackered', Brexit sealed that fate.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
It seems to be LockBit group.. That's harsh. Something tells me these guys are not going to be merciful this time like they were with Toronto's Sick Kids' Hospital.



Edit: further developments via Bleeping Computer. It's somewhat confusing as now there is talk that it's someone impersonating LockBit (?) But BC states some info (links in the ransom note leading back to the "real" LockBit site for example) contradicting that. Guess we'll see, right?

 
Last edited:

Stopspying

Level 19
Verified
Top Poster
Well-known
Jan 21, 2018
814
It seems to be LockBit group.. That's harsh. Something tells me these guys are not going to be merciful this time like they were with Toronto's Sick Kids' Hospital.



Edit: further developments via Bleeping Computer. It's somewhat confusing as now there is talk that it's someone impersonating LockBit (?) But BC states some info (links in the ransom note leading back to the "real" LockBit site for example) contradicting that. Guess we'll see, right?


I think they are deliberately keeping quiet about some of the details, possibly to keep the ransomware gang guessing/buy time. It seems to be the international mail division that is hit, local deliveries seem to be happening. Apparently there are huge buildups at the 6 main Royal Mail depots at airports. This will likely have big knock-on effects for businesses, possibly hitting small traders really hard, so any response needs to take all of that into consideration. I don't know how much this may affect other nations businesses - whether or not the UK mail system plays an important staging post in international mail operations. Possibly less so than pre-Brexit.

"...As first reported by The Telegraph, the attack on Royal Mail is now confirmed to be a ransomware attack by the LockBit operation, or at least someone using their encryptors.
The Telegraph reports that the ransomware attack encrypted devices used for international shipping and caused ransom notes to be printed on printers used for customs dockets.
BleepingComputer has seen an unredacted version of the printed ransom notes and can confirm that they include the Tor websites for the LockBit ransomware operation...."

 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
I think they are deliberately keeping quiet about some of the details, possibly to keep the ransomware gang guessing/buy time.
Interesting observation, this...clearly, you're not dealing with "ordinary" people here but those in alternative realities, with alternative rationales and justifications for the crimes they commit. (y)

Here's a little more info (not a whole lot) broken down into easily digested pieces. This obfuscating, I mean, it's like a squid discharging ink to keep you off its tail.

 

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,458
The 60-year-old, who runs Blue Sky Vinyl, is lucky but he admits: "Their patience will only go so far." Why? Because Mr MacDonald, like many other small business owners, has been waiting for nearly a week to send out international orders via Royal Mail. And, as others have told the BBC, he has absolutely no idea when his shipments can resume. Last Wednesday, Royal Mail asked customers to stop sending letters and parcels overseas after criminals launched a ransomware attack on the company.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top