IMAGE: Brett Jordan/Photomosh

Royal Mail progressing to full operations following ransomware attack

Royal Mail is progressing towards resuming full operations just two weeks after a ransomware attack caused “severe service disruption,” marking a victory for British cyber authorities who have stressed the importance of recovery as well as resistance to combat the impact of attacks.

The British postage and courier company’s ability to dispatch parcels and letters to international recipients ground to a halt on January 11 following what Royal Mail described as a “cyber incident.”

Although the incident has not been confirmed as a ransomware attack by Royal Mail itself, The Record has seen a copy of an extortion note sent to the company by the LockBit ransomware group.

Last Wednesday, the company said it was “trialing operational workarounds” to get services moving again and began dispatching standard export letters.

In a new update on Thursday — one which will tentatively be seen as a possible victory for those who have stressed the importance of ransomware victims recovering quickly — Royal Mail announced it had made progress towards resuming full operations.

Royal Mail said it was “resuming our International Tracked & Signed as well as International Signed services to all destinations for business account customers and customers buying postage online.”

It cautioned that shipping may still take longer than usual and said it continued to ask customers “not to submit any new Tracked or Untracked (Standard/Economy) export parcels into our network just yet.”

However it said that it was “aiming to provide further updates on these services in the coming days.”

Last March, the U.K.’s National Cyber Security Centre launched a ransomware hub “to support organizations improve their own resilience” which stressed “how you or your organization responds to and recovers from ransomware will hugely affect the impact of an attack.”

That hub was launched as the profile of ransomware attacks continued to rise in the United Kingdom, with recent attacks on The Guardian newspaper and other high-profile brands being a focus of national attention.

As of last November, ransomware incidents had been responsible for the majority of the British government’s recent crisis management ‘Cobra’ meetings attended by officials across different government departments.

British government sources dealing directly with the ransomware issue told The Record they saw no light at the end of the tunnel, even of the prospect of any improvements which could help the U.K. clamp down on the problem.

At the time they said they were seeing “an increasingly successful business model” with “ransom demands increasing” and “payments increasing” and it becoming “harder to avoid paying a ransom because the entire ecosystem is pushing that way.”

Clarification (12:12 pm EST): An earlier version of this article described Royal Mail as "nearly back to full operations." Following publication, a Royal Mail spokesperson contacted The Record to clarify that although the company is aiming to provide further updates in the coming days, it cannot state with certainty when this situation will be fully resolved.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.