The LockBit ransomware operation claimed responsibility for the cyberattack on the UK’s main mail delivery service, Royal Mail, which forced the company to halt its international shipping services due to a “serious disruption of service”.

This comes after LockBitSupp, the ransomware gang’s public representative, previously told BleepingComputer that the LockBit cybercrime group did not attack Royal Mail.

Instead, they blamed the attack on other threat actors using the LockBit 3.0 ransomware builder, which was leaked on Twitter in September 2022.

LockBitSupp did not explain why the printed Royal Mail ransom notes seen by BleepingComputer included links to LockBit’s Tor negotiation and data leak sites rather than those operated by another threat actor.

Lockbit Black ransom note printed in Royal Mail attack (Map Daniel)

However, LockBitSupp confirmed that LockBit was indeed behind the attack in a post on a Russian-speaking hacking forum after determining that one of their affiliates had deployed the gang’s ransomware payloads on Royal Mail’s systems.

The ransomware gang representative also added that they would only provide a decryptor and delete data stolen from Royal Mail’s network after a ransom payment.

At the moment, the entry for the Royal Mail attack on the LockBit data leak site indicates that the stolen data will be published online on Thursday, February 9, at 03:42 UTC.

Royal Mail entry on LockBit data leak site (BleepingComputer)

Attack described as “cyber incident”

Royal Mail first detected the attack on January 10 and hired outside forensic experts to help with the investigation.

“The incident was detected yesterday, UK/domestic mail not affected,” a Royal Mail spokesperson told BleepingComputer on January 11 when we asked for more details.

“We are experiencing disruptions to our international export services and are temporarily unable to ship items to overseas destinations,” the company tweeted.

“Please do not post any export articles while we work to resolve the issue. Sorry for any disruption this may cause.”

The company has also reported the incident to UK security agencies and is investigating it alongside the National Crime Agency and the UK National Cyber Security Centre (NCSC).

However, Royal Mail has yet to acknowledge that it is facing a ransomware attack, which could likely result in a data breach, as LockBit ransomware operators are known to steal data and leak it online if their ransom demands are not met.

For now, the company still describes the attack as a “cyber incident” and claims to have restored some of the services affected by the attack.

Last month’s incident follows a shutdown in November 2022 which led to Royal Mail’s tracking services being unavailable for over 24 hours.

Royal Mail’s recurring IT problems come at a time when its courier services are already under strain amid planned national strikes and ongoing negotiations with the Union of Communication Workers.

H/T Dominique Alvieri

