British Post is a LockBit ransomware victim

B2B Cyber Security ShortNews


According to the British Post's website, they were unlucky on Friday the 13th: the Royal Mail was the victim of a cyber attack and is currently unable to process international mail. Apparently, an affiliate partner struck with the LockBit ransomware.

When the machines were encrypted and a ransom note was printed out, the first suspect that came to mind at Royal Mail was the LockBit group itself. In this case, however, only the LockBit tooling, i.e. the ransomware, was used, and it was used by an affiliate partner. These affiliates use LockBit's ransomware and infrastructure and hand over a high percentage of their loot in return, which makes the ransomware and extortion business even more rewarding for LockBit. It is also clear that an affiliate partner struck at Royal Mail, because Royal Mail is not listed as a victim on the LockBit leak page.

Royal Mail informs customers about the cyber attack

The British Post informs its customers about the incident on its website. "ROYAL MAIL INTERNATIONAL EXPORT SERVICES, Royal Mail is experiencing a serious service disruption to our international export services following a cyber incident."

"We are temporarily unable to ship items abroad. To support faster recovery, we are asking customers not to ship international items until further notice. This is to prevent an accumulation of export items in our network. Delays may occur for items that have already been dispatched. We sincerely apologize to the affected customers for the disruption caused by this incident... Our teams are working around the clock to resolve this disruption and we will update you as soon as we have more information. We immediately launched an investigation into the incident and are working with external experts. We have reported the incident to our regulators and the relevant safety authorities."

What happened?

The Telegraph reports that the ransomware attack encrypted devices used for international shipping. The ransom note was then not displayed on screen but printed on printers normally used for customs documents. The printout states that it was created by "LockBit Black Ransomware". This appears to be a new or affiliate group. The site believes that the ransomware contains code and functionality from the now-defunct BlackMatter ransomware gang.

The printout also contains several links to Tor data leak sites and to the LockBit ransomware gang's negotiation pages, which require a decryption ID to log in. The chat for negotiating with the attackers is supposed to sit behind that login. However, the ID doesn't seem to work. It is therefore unclear whether the gang deleted the ransom note or moved the chat elsewhere.

