Cyber incident continues for Royal Mail

By David Hartwig

Great Britain’s Royal Mail has reported a cyber incident and is temporarily unable to send international mail, the postal agency said. Royal Mail announced disruptions to international mail services Jan. 12 on Twitter.

In a Jan. 17 service update on its website, Royal Mail said that it is “experiencing severe service disruption.”

“We are temporarily unable to despatch items to overseas destinations,” Royal Mail said. “To support faster recovery when our service is restored and to prevent a build-up of export items in our network, we’re asking customers not to post international items until further notice. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing.”

The affected back office system, in use at six sites, prepares international mail and tracks overseas items, BBC business reporter Tom Espiner said in a Jan. 12 article published by the news organization.

On Jan. 13, the BBC continued its coverage with an article by Espiner and cyber reporter Joe Tidy, who said the disruption was caused by Russian criminals using ransomware, defined by the authors as “malicious computer software that encrypts data and locks up systems.”

The ransomware used, called LockBit, is thought to be based in Russia, according to the BBC, but the person who carried out the attack could be anywhere.

The BBC said Royal Mail received a ransom note that said “Your data are stolen and encrypted.”

The note included a demand “expected to be in the millions,” Espiner and Tidy said, although they cited unnamed sources claiming there were “workarounds” for Royal Mail to get the system working again.

Espiner and Tidy said Royal Mail “declined to comment on whether the attack was ransomware,” and the reporters did not name their source for their information.

In another article published Jan. 12, Tidy said that the postal agency was “being careful not to call it a cyber-attack, which opens up the possibility that it might be a large scale technical glitch, or even some sort of sabotage to the system.”

In his Jan. 12 article, Tidy said, “Royal Mail is being especially vague about what is happening inside its international mail centres.”

However, the postal agency has outlined early steps it took when learning of the incident.

“We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities,” Royal Mail said.

As early as Jan. 11, the incident had been reported to the National Cyber Security Centre, part of the United Kingdom’s cyber intelligence agency.

A spokesperson for the center said in a Jan. 11 statement, “We are aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.”

Tidy said this is “a major incident with far-reaching effects” in his Jan. 12 article. On Jan. 13, Espiner and Tidy added that Royal Mail’s status as “critical national infrastructure” made the situation significant.

As of Jan. 17, Royal Mail is still unable to send international letters and parcels, but the postal agency said “teams are working around the clock to resolve this disruption.” 

Connect with Linn’s Stamp News: 

    Sign up for our newsletter
    Like us on Facebook
    Follow us on Twitter