The LockBit ransomware operation has claimed the cyberattack on UK’s main mail supply service Royal Mail that pressured the corporate to halt its worldwide delivery companies on account of “extreme service disruption.”

This comes after LockBitSupport, the ransomware gang public-facing consultant, beforehand instructed BleepingComputer that the LockBit cybercrime group didn’t assault Royal Mail.

As a substitute, they blamed the assault on different menace actors utilizing the LockBit 3.0 ransomware builder that was leaked on Twitter in September 2022.

LockBitSupp failed to elucidate why printed Royal Mail ransom notes seen by BleepingComputer included hyperlinks to LockBit’s Tor negotiation and information leak websites moderately than ones operated by one other menace actor.

Nonetheless, LockBitSupp confirmed that LockBit was certainly behind the assault in a submit on a Russian-speaking hacking discussion board after figuring out that one in every of their associates deployed the gang’s ransomware payloads on Royal Mail’s methods.

The ransomware gang’s consultant additionally added that they might solely present a decryptor and delete information stolen from Royal Mail’s community after a ransom is paid.

For the time being, the entry for the Royal Mail assault on LockBit’s information leak web site says stolen information might be revealed on-line on Thursday, February 9, at 03:42 AM UTC.

Assault described as a “cyber incident”

Royal Mail first detected the assault on January 10 and employed outdoors forensic specialists to assist with the investigation.

“Incident was detected yesterday, UK/ home mail stays unaffected,” a Royal Mail spokesperson instructed BleepingComputer on January 11 after we reached out for extra particulars.

“We’re experiencing disruption to our worldwide export companies and are quickly unable to despatch gadgets to abroad locations,” the corporate tweeted.

“Please don’t submit any export gadgets whereas we work to resolve the difficulty. Sorry for any disruption this will likely trigger.”

The corporate additionally reported the incident to UK safety companies and is investigating the incident alongside the Nationwide Crime Company and UK Nationwide Cyber Safety Centre (NCSC).

Nonetheless, Royal Mail is but to acknowledge that it is coping with a ransomware assault that might doubtless lead to an information breach since LockBit ransomware operators are recognized for stealing information and leaking it on-line if their ransom calls for should not met.

For now, the corporate remains to be describing the assault as a “cyber incident” and says that it has restored among the companies impacted by the assault.

We’ve resumed our Worldwide Normal & Worldwide Economic system companies for purchasers shopping for postage on-line. We’ve additionally resumed extra Worldwide Normal companies for enterprise account clients.

For more information and the most recent updates go to: https://t.co/5rSNKkEL2Y

— Royal Mail (@RoyalMail) February 3, 2023

Final month’s incident follows a November 2022 outage that led to the Royal Mail’s monitoring companies being unavailable for greater than 24 hours.

Royal Mail’s recurring IT points come at a time when its mailing companies are already strained amid deliberate nationwide strikes and ongoing negotiations with the Communication Staff Union.

H/T Dominic Alvieri