Royal Mail Starts Limited Delivery Abroad After CyberattackUK Postal Service Testing Workarounds to Tackle Ransomware-Induced Package Backlog
The British postal service says it is resorting to workarounds to clear a backlog of mail destined for recipients outside the United Kingdom as it enters its second week of grappling with the fallout of a cyberattack. The Jan. 11 incident paralyzed the Royal Mail's international operations, a state of affairs it has managed to reverse for unofficial international correspondence only - letters that don't contain goods or require tracking or a customs declaration.
In a Thursday bulletin, the Royal Mail says it is testing workarounds enabling it to move "limited volumes of export parcels." The update comes with a plea for Britons not to attempt to post any new packages for delivery abroad. E-commerce platforms are reportedly telling U.K. sellers to use private sector shippers to move goods.
Royal Mail continues to refer to the cause of its disruption as a "cyber incident" despite evidence that the postal service suffered a ransomware attack at the hands of the LockBit criminal gang (see: Profit at Any Cost: Why Ransomware Gangs Such as LockBit Lie).
Royal Mail CEO Simon Thompson said the incident was a "cyberattack" during a Monday parliamentary hearing that focused on the postal service's ongoing labor disputes. Domestic mail and imports are operating normally, Thompson said. "We believe that there's been no compromising of any form of customer personal information," he told members.
Members also heard from Communications Workers Union leader Dave Ward, who said postal workers may strike again in the coming weeks absent agreement over salary and working conditions.
Details of the attack and its link to LockBit emerged after The Telegraph quoted an unidentified source "familiar with the investigation" who fingered the ransomware group as the attacker. The Belfast Telegraph reported that at a Royal Mail facility in Northern Ireland, printing machines began churning out ransom notes on the day of the attack.
LockBit initially attempted to distance itself from the attack by claiming that an unidentified hacker used an old, leaked copy of LockBit's builder, which is software for generating fresh versions of its ransomware executable. That shaky denial collapsed after LockBit spokesperson LockBitSupp admitted in a Russian cybercrime forum that one of the group's top 10 most profitable affiliates was behind the attack.