The Daily Telegraph

Ransomware gang threatens to publish Royal Mail data

- By Matthew Field and Gareth Corfield

A Russia-linked hacking gang has claimed credit for the cyber-attack that has crippled Royal Mail, threatenin­g to publish stolen data from it online.

The Lockbit ransomware gang published an update on its website, warning that it would publish “all available data” tomorrow.

The Daily Telegraph revealed in January that the Lockbit gang, which is believed to have close links to Russia, was behind the attack.

It shut down the postal service’s internatio­nal export services, causing significan­t delays to overseas mail and leaving millions of parcels stuck in limbo.

Addressing the threat to dump stolen data online, a Royal Mail spokesman said: “We believe that the vast majority of this data is made up of technical files and administra­tive business data.

“All of the evidence suggests that this data contains no financial informatio­n or other sensitive customer informatio­n.”

The hack is understood to have shut down machines used to print customs and excise labels for overseas postage.

Royal Mail has since put in place ad-hoc alternativ­e systems to get outbound parcels moving, but these remain subject to delays. The day after the January hack, the Lockbit gang printed out ransom notes in Royal Mail warehouses demanding payment in order to unlock the computers it had scrambled.

The Lockbit gang largely communicat­es in Russian on undergroun­d cybercrime forums and has previously said it benefits from the “hostile attitude of the West towards Russia” which allows it to “operate freely within the borders of the former Soviet countries”.

Cyber security experts believe the gang’s members include Russian citizens but stopped short of saying they act on the orders of the Russian state, as many of its peers do.

Simon Thompson, Royal Mail’s chief executive, previously said no customer data appeared to have been stolen.

In a status update following the hack, Royal Mail said: “We continue to make progress in exporting an increasing number of items to a growing number of internatio­nal destinatio­ns.

“We are using alternativ­e solutions and systems, which are not affected by the recent cyber incident.”

It has also informed data watchdog, the Informatio­n Commission­er’s Office. “as a precaution”.

Data protection laws oblige businesses to tell it if they think their customers’ personal informatio­n may have been stolen.

Newspapers in English

Newspapers from United Kingdom