Russia-linked Lockbit hackers threaten to publish Royal Mail data

Ransomware gang threaten to publish stolen Royal Mail data
Ransomware gang threaten to publish stolen Royal Mail data

A Russia-linked hacking gang has claimed credit for the cyber-attack that has crippled Royal Mail, threatening to publish stolen data from the company online.

The LockBit ransomware gang published an update on its website, warning it would publish “all available data” on Feb 9.

The Telegraph revealed in January that the LockBit gang, which is believed to have close links to Russia, was behind the attack.

The cyber attack shut down the postal service's international export services, causing significant delays to overseas mail and leaving millions of parcels stuck in limbo.

Addressing the threat to dump stolen data online, a Royal Mail spokesman said: “At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data.

“All of the evidence suggests that this data contains no financial information or other sensitive customer information.”

The hack is understood to have shut down machines used to print customs and excise labels for overseas postage.

Royal Mail has since put in place ad-hoc alternative systems to get outbound parcels moving, but these remain subject to delays.

The day after the January hack, the LockBit gang printed out ransom notes in Royal Mail warehouses demanding payment in order to unlock the computers it had scrambled.

The LockBit gang largely communicates in Russian on underground cybercrime forums and has previously said it benefits from the “hostile attitude of the West towards Russia” which allows it to “operate freely within the borders of the former Soviet countries”.

Cyber security experts believe the gang’s members include Russian citizens but stopped short of saying they act on the orders of the Russian state, as many of its peers do.

Simon Thompson, Royal Mail's chief executive, previously said no customer data appeared to have been stolen as part of the attack.

In a status update following the hack, Royal Mail said: “We continue to make progress in exporting an increasing number of items to a growing number of international destinations.

“We are using alternative solutions and systems, which are not affected by the recent cyber incident and have been successfully despatching parcels and letters which were in our network before the cyber incident and our services which have recently reopened.”

It has also informed the Information Commissioner’s Office “as a precaution”. Data protection laws mean businesses must tell the data watchdog if they think customers’ personal information may have been stolen.