The Daily Telegraph
Ransomware gang threatens to publish Royal Mail data
A Russia-linked hacking gang has claimed credit for the cyber-attack that has crippled Royal Mail, threatening to publish stolen data from it online.
The Lockbit ransomware gang published an update on its website, warning that it would publish “all available data” tomorrow.
The Daily Telegraph revealed in January that the Lockbit gang, which is believed to have close links to Russia, was behind the attack.
It shut down the postal service’s international export services, causing significant delays to overseas mail and leaving millions of parcels stuck in limbo.
Addressing the threat to dump stolen data online, a Royal Mail spokesman said: “We believe that the vast majority of this data is made up of technical files and administrative business data.
“All of the evidence suggests that this data contains no financial information or other sensitive customer information.”
The hack is understood to have shut down machines used to print customs and excise labels for overseas postage.
Royal Mail has since put in place ad-hoc alternative systems to get outbound parcels moving, but these remain subject to delays. The day after the January hack, the Lockbit gang printed out ransom notes in Royal Mail warehouses demanding payment in order to unlock the computers it had scrambled.
The Lockbit gang largely communicates in Russian on underground cybercrime forums and has previously said it benefits from the “hostile attitude of the West towards Russia” which allows it to “operate freely within the borders of the former Soviet countries”.
Cyber security experts believe the gang’s members include Russian citizens but stopped short of saying they act on the orders of the Russian state, as many of its peers do.
Simon Thompson, Royal Mail’s chief executive, previously said no customer data appeared to have been stolen.
In a status update following the hack, Royal Mail said: “We continue to make progress in exporting an increasing number of items to a growing number of international destinations.
“We are using alternative solutions and systems, which are not affected by the recent cyber incident.”
It has also informed data watchdog, the Information Commissioner’s Office. “as a precaution”.
Data protection laws oblige businesses to tell it if they think their customers’ personal information may have been stolen.