Massive amounts of international shipping in the UK has been grounded after a leading mail delivery service, Royal Mail, suffered a "severe service disruption" due to a cyber incident.
More than half a million parcels and letters have been left in limbo after a purported ransom attack drove Royal Mail to suspend its international postal deliveries.
The company said its UK domestic mail remains unaffected, but has encouraged customers to hold off on exports for the time being.
"Royal Mail is experiencing severe service disruption to our international export services following a cyber incident," said the company.
"We are temporarily unable to despatch items to overseas destinations. To support faster recovery when our service is restored and to prevent a build-up of export items in our network, we’re asking customers not to post international items until further notice."
Royal Mail also warned items which have already been despatched "may be subject to delays" as its teams work around the clock to resolve the disruption.
"We immediately launched an investigation into the incident and we are working with external experts," said Royal Mail.
"We have reported the incident to our regulators and the relevant security authorities," it added.
The BBC reports the incident has impacted a backoffice system which is used by Royal Mail to prepare mail for despatch abroad, as well as track and trace overseas items.
The system is reportedly used at six sites, including the companies' sizeable Heathrow distribution centre in Slough.
Russia-linked ransom gang claims the attack
While Royal Mail failed to provide much information regarding the nature of the incident, details eventually surfaced confirming a ransomware attack had taken place.
First reported by The Telegraph, the attack is said to involve Russia-linked ransomware group called Lockbit.
Lockbit gained notoriety for a rampant string of attacks starting in 2019, and is said to have extorted around $144 million dollars (US$100 million) from its victims over the past few years.
Lockbit's main brand of ransomware, Lockbit Black, works by infecting files on computers, then displaying a message demanding cryptocurrency payment in exchange for "unscrambling" impacted files.
The Telegraph reports Royal Mail suffered a Lockbit Black infection on machines used to print its custom parcel labels for overseas deliveries.
Similar to the recent ransom incident at Queensland University of Technology, the ransom note was reportedly delivered via printers in Royal Mail's Northern Ireland sorting centre, where the attack is said to have stymied all operations.
The ransom note in question reads "Lockbit Black Ransomware. Your data are stolen and encrypted.”
It goes on to threaten the release of stolen data on specified dark web sites unless a ransom payment is made.
"You can contact us and decrypt one file for free," read the note.
Initially, a public-facing representative of LockBit denied involvement in the attack, opting to place the blame on "other threat actors" who were deceptively using its "leaked builder".
Later, a ransomware operator known as LockBitSupp confirmed the ransom gang was indeed behind the attack against Royal Mail, stating they would provide a decryptor and delete the stolen data after a ransom payment is made.
As online debate ran rampart and subsequently flared back down regarding the true culprits of the attack, Royal Mail has maintained near silence on its investigation, and countless international shipping orders remain undelivered.
Customers and cyber security experts have made several requests for an update on online platforms, but to little avail.
"In my view, the lack of official updates from Royal Mail is appalling," said Reddit user simonjh84.
"Critical national infrastructure has been impacted, along with key services important to the economy.
"The regulator should be obligating Royal Mail to provide regular updates at set intervals," they added.
A spokesperson at UK National Cyber Security Centre (NCSC) said, “We are aware of an incident affecting Royal Mail Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.”
