Royal Mail ransomware attack update

UK’s Royal Mail experienced a cyber attack during the second week of January 2023. This cyber attack has turned out to be a ransomware attack. We look at the updated status of this cyber incident involving Royal Mail and the Russian ransomware group.

Update as of 23.02.23:

Lockbit has dumped the Royal Mail data as of a fresh update released earlier today. The ransomware operator was demanding $40 million to help decrypt the data. However, it appears that the data has now been dumped online.

Meanwhile, Royal Mail has resumed international parcel services through the Post-office network. The mail provider has eventually limped back to normalcy. This essentially means that Royal Mail has been able to defend against the ransomware attack and restore business operations over the past few weeks to offer normalized services to customers.

This update completes our story coverage for the Royal Mail ransomware incident. You can read more about how the ransomware attack unfolded on Royal Mail over the previous 6 weeks. From here on, no fresh updates on this ransomware incident will be shared.

Salient points about the Royal Mail ransomware attack

  • Ransomware attack on UK’s Royal Mail has been executed by the Lockbit ransomware group.
  • The attack was carried out in the second week of January 2023. Royal Mail acknowledged the cyber incident on 11th January 2023.
  • The impact of this ransomware attack seems to have affected international parcels and deliveries.
  • The computer systems affected by the ransomware attack used to handle international dispatches. Significant delays are expected for international deliveries as Royal Mail tries to recover the encrypted data and resume full operations.
  • Meanwhile, Lockbit has threatened that it will release Royal Mail’s data on 9th February 2023. The threat will be carried out in the absence of ransom payments by Royal Mail.
  • Royal Mail’s operations are affected. The extent of the impact on the operations is not clear.
  • Royal Mail is unable to accept international parcels through Post office branches for international dispatches.
  • Domestic services of Royal Mail are unaffected by this cyber breach and ransomware attack.
  • There is no clarity as to how Lockbit was able to exploit a loophole to target Royal Mail servers. The number of affected servers remains unknown at this point.
  • Additional services are being restored by the Royal Mail group on 9th February. For a list of business services that will be resumed on 9th February, look for the details below.
Ransomware attack on Royal Mail servers
Source – Flickr

Royal Mail has released an updated statement about the incident on this page.

The statement establishes the fact that some servers of the Royal Post network have had the data encrypted by the ransomware group. In the interim, Royal Mail tries to make alternate arrangements for international parcels and deliveries.

On 9th February, Royal Mail will be restoring additional services for international shipments. As per the note published by Royal Mail, starting 1900 hours on 9th February, the following services will be restored:

  • International Tracked, International Tracked & Signed and International Signed for purchase online/through shipping solutions 
  • For Consumer and On Account customers all international untracked (Priority, Standard, Economy) services are now available for purchase online 
  • For Business Contract customers we have reinstated International Untracked personal correspondence letter services and most non-personal correspondence International Standard (untracked) services through our online shipping solutions.  

Update of Royal Mail cyber incident as of 14th February 2023

  • Lockbit has not published Royal Mail’s data at the end of the time given to the group.
  • Lockbit has posted a cryptic note -“Royal Mail need new negotiator”.
  • Meanwhile, Royal Mail has stated that the International services have been reinstated to all destinations for purchase online and through our shipping solutions with the exception of a small number of International Untracked services for Business Contract customers where alternative services are available.
  • Delivery of international items continues to remain delayed.
  • Royal Mail is unable to accept international parcels through the Post office network.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.