UK’s largest mail delivery service Royal Mail suffered a cyberattack that forced them to halt international shipping services.

“We are temporarily unable to despatch items to overseas destinations. We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologize to impacted customers for any disruption this incident is causing.” disclosed Royal Mail in a service update.

Royal Mail did not disclosed any details about the cyberattack at the moment

LockBit ransomware encryptor used in the attack

According to bleepingcomputer, the attack on Royal Mail is now confirmed to be a ransomware attack by the LockBit operation, or at least someone using their encryptors.

LockBit ransomware is malicious software designed to block user access to computer systems in exchange for a ransom payment. LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organizations.

BleepingComputer has seen an unredacted version of the printed ransom notes and can confirm that they include the Tor websites for the LockBit ransomware operation.

Buy Me A Coffee
Source: Daniel Card on Twitter

The ransom note states it was created by “LockBit Black Ransomware,” which is the operation’s latest encryptor name as it includes code and features from the now-shut down BlackMatter ransomware gang.

READ
Ransomware Cripples London Hospitals, Cancels 800+ Surgeries in a Week