The LockBit ransomware group has been linked to a cyberattack on the UK's leading mail delivery service, Royal Mail, which has caused severe disruption to their international shipping services. LockBitSupport, the ransomware gang's public-facing representative, initially denied that LockBit was behind the attack, instead blaming other threat actors for using the LockBit 3.0 ransomware builder that was leaked on Twitter in September 2022. However, they later confirmed that LockBit was indeed responsible after determining that one of their affiliates had deployed the ransomware payloads on Royal Mail's systems. The ransomware gang has stated that they will only provide a decryptor and delete data stolen from Royal Mail's network after a ransom is paid. Royal Mail first detected the attack on January 10 and has since hired outside forensic experts to help with the investigation. The company has also reported the incident to UK security agencies and is investigating the incident alongside the National Crime Agency and UK National Cyber Security Centre. Royal Mail is yet to acknowledge that it is dealing with a ransomware attack that could lead to a data breach, and is instead describing the attack as a 'Cyber incident'. The company has also restored some of the services impacted by the attack. This incident follows a November 2022 outage that led to the Royal Mail's tracking services being unavailable for more than 24 hours, at a time when their mailing services are already strained due to planned national strikes and ongoing negotiations with the Communication Workers Union.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 07 Feb 2023 09:22:02 +0000