LockBit group threatens to publish stolen Royal Mail data tomorrow

Disruption to Royal Mail export services continues

Image:
Disruption to Royal Mail export services continues

RaaS group admits responsibility for January attack and doubles down on threat

The Ransomware-as-a-Service (RaaS) LockBit group, which is thought to be based in Russia, has, belatedly, claimed responsibility for the cyberattack on Royal Mail which continues to cause disruption to Royal Mail's international shipping operation.

LockBit has stated on a dark web site monitored by threat seeking organisations that it intends to publish all available data on 9th February if a ransom is not paid.

In an email response to Reuters, Royal Mail said:

"At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data.

"All of the evidence suggests that this data contains no financial information or other sensitive customer information."

Royal Mail's website says that it is still working to restore full export services after last month's attack. The update informs export customers that they should only be experiencing minor delays.

LockBit is a prolific and professional group which has barely been out of the news since the beginning of 2023. Its most recent well-publicised hit was on the financial software company ION. According to the group, a "very rich unknown philanthropist," paid a ransom, and a decryptor was delivered.

Nonetheless, the LockBit group initially refused to claim responsibility for the original attack on Royal Mail on 10th January, claiming instead that an affiliate had carried out the attack without its knowledge. It was a claim that had a ring of plausibility to it, given that in September 2022, the builder code for LockBit 3.0 was placed on GitHub, allowing anyone to build their own attacks using the code.

An attack on a Canadian children's hospital also occurred in late 2022 which LockBit, presumably mindful of its public image, both disowned and built a decryptor for.

However, the primary LockBit group has now confirmed that it carried out the Royal Mail attack, rather than some out-of-control affiliate.