Ransomware group with links in Russia behind UK Royal Mail incident

A cyber incident that led to severe disruption to Royal Mail's international export services was caused by Lockbit, a ransomware group that some cybersecurity experts say has members in Russia, according to Reuters.

Royal Mail, one of the world's largest post and parcel firms which serves thousands of businesses, was still unable to despatch items to overseas destinations as of January 12, according to an update on its website following the incident, which it reported on January 11.

To prevent a build-up of export items in its network, the British postal company, which is part of part of International Distributions Services, has advised customers not to post international export items until further notice.

Royal Mail, which declined to comment on the Telegraph report, earlier said it had engaged external experts and notified security authorities as it investigates the incident.

Ransom software, or ransomware, works by encrypting victims' data, with hackers offering the victim a key in return for payments that can run as high as millions of dollars. The number of ransomware incidents has increased sharply in recent years.

Lockbit also claimed to have targeted a French cosmetics firm called Nuxe, according to a screenshot of the group's blog on the dark web posted to darkfeed.io, a website which tracks ransomware groups.

Lockbit ransomware has been detected all over the world, with organisations in the United States, India and Brazil among the common targets, cybersecurity firm Trend Micro said last year.

It called the group, which some cybersecurity experts say has members in Russia, "one of the most professional organised criminal gangs in the criminal underground".

Britain's Information Commissioner's Office said it would be making enquiries about the Royal Mail incident, while the National Cyber Security Centre said it was working with the company and the National Crime Agency to "fully understand the impact".