LockBit Ransomware Group Reportedly Behind Royal Mail Attack
Attack Is Disrupting International Mail Export Services
Ransomware-as-a-service group LockBit is responsible for a cyber incident that continues to impede the delivery of international mail from the United Kingdom, Britain's The Telegraph newspaper reported.
Britain's national postal service, Royal Mail, first advised customers Wednesday of a digital incident disrupting international export services, an outage that continued into Thursday. "Please do not post any export items while we work to resolve the issue," the postal carrier tweeted.
Sources identified as "familiar with the investigation" told The Telegraph that the cause of the incident is LockBit ransomware. It infected machines used to print customs labels for parcels being sent to overseas destinations, the newspaper reported.
The Belfast Telegraph reported that at a Royal Mail facility in Northern Ireland, ransom notes were being churned out by printing machines on Tuesday.
Royal Mail did not immediately respond to a request for comment. The postal carrier alerted the U.K.'s National Cyber Security Center and National Crime Agency. Neither agency provided further details regarding the hack.
LockBit is a prolific ransomware group that has been active since late 2019. The group has not so far listed the data of the Royal Mail on its official leak site. The group is often considered the winner of the contest to succeed Conti as the world's most recognized digital extortion gang (see: Keys to LockBit's Success: Self-Promotion, Technical Acumen).
Its recent victims include the Port of Lisbon, French defense multinational Thales and German auto parts maker Continental.
Ransomware is likely to remain a leading cybersecurity threat in 2023, years after top United Kingdom cybersecurity officials described it in 2019 as a "key threat." Not just the frequency of attacks but also extortion demands have significantly intensified over the past few years, and one cybersecurity firm in 2022 estimated the average ransom demand as reaching nearly $1 million.
The majority of ransomware-as-a-service gangs operate inside Russia, but most are avowedly apolitical, lest they complicate extortion payments by causing firms to fret that they're violating U.S. financial sanctions.
A U.S. official told reporters last year during a meeting of a U.S.-led international effort to crack down on ransomware that gains have been made in the fight against ransomware gangs. Still, "we're seeing the pace and the sophistication of the ransomware attacks increasing faster than our resilience and disruption efforts," the official acknowledged (see: White House Ransomware Confab Ends With Data-Sharing Pledge).