Royal Mail hit by Russia-linked cyber attack

Royal Mail has been unable to send letters and parcels overseas since Wednesday (11 January) due to a ransomware attack that affected its computer systems. 

The organisation has advised people not to try to send international letters and parcels until the issue is resolved.

The attack has been claimed by LockBit, a hacker group widely thought to have close links to Russia. According to The Telegraph, the group was able to get the printers at a Royal Mail distribution site near Belfast in Northern Ireland to start printing ransom notes that threatened to publish the stolen information online.

The note said: “Lockbit Black Ransomware. Your data are stolen and encrypted.”

The back office system affected is the one used by Royal Mail to prepare mail for despatch abroad, and to track and trace overseas items. It is used at six sites, including Royal Mail’s Bristol site and its huge Heathrow distribution centre in Slough.

The ransom demand is expected to be in the millions, although sources close to the investigation say there are “workarounds” to get the system going again.

Ransomware attackers are those that exploit gaps in organisations’ security to install their own software and encrypt files so they are unusable. 

These types of attacks are a persistent threat to organisations around the world, and their occurrence has skyrocketed since the pandemic. The UK’s NHS, the US’s Apple, and even the Albanian government have all recently suffered severe cyber attacks that have disrupted their services and put their users’ personal information at risk.

However, the fact that Royal Mail is considered part of “critical national infrastructure” has raised the stakes of this attack. 

Royal Mail has reported the incident to the UK’s government-run National Cyber Security Centre, the National Crime Agency and the Information Commissioner’s Office. The firm is still unable to send letters and parcels overseas and says it is “working hard” to fix the issue.

“We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue,” a Royal Mail spokesman said. “Some customers may experience delay or disruption to items already shipped for export.

“Our import operations continue to perform a full service with some minor delays.

“Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information.”

Over the last month, Royal Mail deliveries have also been affected by strike action regarding a dispute over pay and changes to working conditions.

A National Crime Agency spokesperson said it was “aware of an incident impacting Royal Mail” and was working alongside the National Cyber Security Centre, which is part of the UK’s cyber-intelligence agency GCHQ, to understand its impact.

Last November, the Australian Signals Directorate’s latest annual cyber threat report warned that cyber attacks from criminals and state-sponsored groups had significantly increased in the past financial year, turning the cyber space into “the domain of warfare”.

In May, the European Union agreed on tougher cyber-security rules for essential sectors, with companies required to assess their risks, notify authorities and take measures to deal with the risks or face fines of up to 2 per cent of global turnover.