Royal Mail in the UK has reopened following a cyber attack last month that has since been identified as Lockbit, a Russia-linked ransomware gang. The gang has demanded a ransom in exchange for data stolen on January 10 and threatened to release it to the public if Royal Mail does not comply, TechCrunch reported.
Royal Mail first confirmed the breach on January 12 and investigators are currently looking into the ransomware attack that impacted its system that ships mail overseas, a Royal Mail spokesperson said in an emailed statement to Gizmodo. While they did not confirm that Lockbit was behind the attack, the spokesperson said they believe that the “vast majority” of the data obtained by the gang is “made up of technical program files and administrative business data.”
According to the spokesperson, the Information Commissioner’s Office was notified immediately once it became aware of the ransomware attack and is currently working with law enforcement agencies to resolve the issue.
In a Twitter post last week, Royal Mail said that International Standard and International Economy services to buy postage online had resumed. “All of the evidence suggests that this data contains no financial information or other sensitive customer information,” the spokesperson told Gizmodo, adding, “We acted quickly to isolate and contain the issue and we have no evidence of any impact on the rest of the Royal Mail network.”
Lockbit previously denied its involvement in the ransomware attack on Royal Mail, but Silicon News reported that the gang has now claimed responsibility and set a deadline for “all available data” to be released on Thursday at 3:42 a.m. UTC if the ransom is not paid, according to TechCrunch. The ransom amount has not yet been confirmed.
Royal Mail confirmed the ransomware attack had occurred in a Twitter post last month, saying it had experienced disruptions to its “international export services and are temporarily unable to dispatch items to overseas destinations.”
The Royal Mail released a public statement on Tuesday saying parcels and letters are being successfully dispatched using different systems that hadn’t been affected by the ransomware attack.
The spokesperson told Gizmodo, “We continue to work closely with law enforcement agencies, adding, “Royal Mail sincerely apologizes for any concern this development may cause.”