{"id":612158,"date":"2023-02-26T08:49:04","date_gmt":"2023-02-26T14:49:04","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/02\/26\/royal-mail-stands-firm-as-lockbit-leaks-data-and-renews-ransom-demand\/"},"modified":"2023-02-26T08:49:04","modified_gmt":"2023-02-26T14:49:04","slug":"royal-mail-stands-firm-as-lockbit-leaks-data-and-renews-ransom-demand","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/02\/26\/royal-mail-stands-firm-as-lockbit-leaks-data-and-renews-ransom-demand\/","title":{"rendered":"Royal Mail stands firm as LockBit leaks data and renews ransom demand"},"content":{"rendered":"<div id=\"content-header\">\n<h2>The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail\u2019s systems, but the postal service is not entertaining the possibility of giving in<\/h2>\n<\/div>\n<div id=\"content-center\">\n<ul>\n<li><i data-icon=\"1\"><\/i><\/li>\n<li><i data-icon=\"2\"><\/i><\/li>\n<\/ul>\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"Alex Scroxton\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Alex-Scroxton\">Alex Scroxton,<\/a><br \/>\n\t\t\t\t\t\t<span>Security Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>24 Feb 2023 11:15<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p>The LockBit ransomware gang has leaked a tranche of data exfiltrated from Royal Mail\u2019s IT systems <a href=\"https:\/\/www.computerweekly.com\/news\/252529095\/Royal-Mail-overseas-services-hit-by-major-cyber-attack\">during its January 2022 cyber attack<\/a>, and set a fresh ransom demand of \u00a333m as it renews its efforts to force the postal service to cough up.<\/p>\n<p>The prolific Russian-speaking ransomware operation <a href=\"https:\/\/www.computerweekly.com\/news\/365531392\/Royal-Mail-refused-to-pay-66m-LockBit-ransom-demand-logs-reveal\">had previously set a \u00a366m ransom demand<\/a> \u2013 which Royal Mail rejected as an \u201cabsurd\u201d amount of money \u2013 before dropping it to approximately \u00a347m.<\/p>\n<p>It cut off negotiations with the postal service on or around 9 February but, despite its initial threats, did not release any of the data it stole until 23 February, when a 44GB dump was leaked via its dark web site.<\/p>\n<p>According to preliminary analysis, the contents of the files relate to various parts of Royal Mail\u2019s business, and include technical information, contracts with third-party suppliers, human resource and staff disciplinary records, details of salaries and overtime payments, and even one staff member\u2019s Covid-19 vaccination records.<\/p>\n<p>A Royal Mail spokesperson said: \u201cRoyal Mail is aware that an unauthorised third party has published some data allegedly obtained from our network. The cyber incident impacted a system concerned with shipping mail overseas.<\/p>\n<p>\u201cAt this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with law enforcement agencies,\u201d they said.<\/p>\n<p>The impact of the January attack on Royal Mail\u2019s customers has now largely passed, with the last remaining international services through Post Office branches <a href=\"https:\/\/www.computerweekly.com\/news\/365531554\/Royal-Mail-resumes-full-export-service-after-cyber-attack\">restored earlier this week<\/a>.<\/p>\n<p>At the peak of disruption, the organisation was <a href=\"https:\/\/www.computerweekly.com\/news\/252529242\/Royal-Mail-promises-workarounds-to-restore-services-after-ransomware-attack\">entirely unable to process or dispatch any letters or parcels<\/a> to destinations outside the UK, leaving many small business owners who rely on its services to ship goods to customers overseas in an extremely difficult position.<\/p>\n<p>At the time of writing, Royal Mail said it was currently processing \u201cclose to normal\u201d daily volumes of mail, with some residual delays, and while things are returning to normal, it is possible that customers may still encounter some issues when sending letters and parcels abroad over the coming days and weeks.<\/p>\n<p>The Post Office, meanwhile, has said it will increase remuneration for postmasters for a time to help them recover some of the business they lost to the service disruption.<\/p>\n<p>Tim Mitchell, security researcher and LockBit thematic lead at <a href=\"https:\/\/www.secureworks.com\/\">Secureworks<\/a>, commented: \u201cThe majority of attacks on organisations by gangs like LockBit are opportunistic, exploiting a vulnerability or stolen credentials and grabbing whatever data they can regardless of what it is. But it\u2019s important to remember that even if the data doesn\u2019t contain PII [personally identifiable information] or what Royal Mail would consider sensitive, it could still be valuable to threat actors.<\/p>\n<p>\u201cRoyal Mail might not deem the data that was stolen, and has now been published, as sensitive, but that didn\u2019t stop its international operations being significantly impacted for six weeks. Regardless of the financial ransom demand, the operational pain that LockBit has caused the business is proof of the damage ransomware can inflict on an organisation,\u201d said Mitchell.<\/p>\n<\/section>\n<section id=\"DigDeeperSplash\">\n<h4>\n\t\t\t<i data-icon=\"m\"><\/i>Read more on Data breach incident management and recovery<\/h4>\n<ul>\n<li><a id=\"DigDeeperItem-1\" href=\"https:\/\/www.computerweekly.com\/news\/365531554\/Royal-Mail-resumes-full-export-service-after-cyber-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Royal-Mail-post-mailbox-letter-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Royal-Mail-post-mailbox-letter-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Royal-Mail-post-mailbox-letter-adobe.jpg 1280w\" alt ><\/p>\n<h5>Royal Mail resumes full export service after cyber attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-2\" href=\"https:\/\/www.computerweekly.com\/news\/365531378\/Financial-advisory-firm-Succession-Wealth-probes-cyber-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/financial-results-chart-graph-4-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/financial-results-chart-graph-4-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/financial-results-chart-graph-4-adobe.jpeg 1280w\" alt ><\/p>\n<h5>Financial advisory firm Succession Wealth probes cyber attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-3\" href=\"https:\/\/www.computerweekly.com\/news\/365531392\/Royal-Mail-refused-to-pay-66m-LockBit-ransom-demand-logs-reveal\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Post-Office-Royal-mail-box-adobe_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Post-Office-Royal-mail-box-adobe_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Post-Office-Royal-mail-box-adobe.jpg 1280w\" alt ><\/p>\n<h5>Royal Mail refused to pay \u00a366m LockBit ransom demand, logs reveal<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<li><a id=\"DigDeeperItem-4\" href=\"https:\/\/www.computerweekly.com\/news\/365530169\/LockBit-cartel-finally-claims-Royal-Mail-ransomware-attack\"><br \/>\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero Images\/Royal-Mail-post-mailbox-getty_searchsitetablet_520X173.jpg\" srcset=\"https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Royal-Mail-post-mailbox-getty_searchsitetablet_520X173.jpg 960w,https:\/\/cdn.ttgtmedia.com\/visuals\/ComputerWeekly\/Hero%20Images\/Royal-Mail-post-mailbox-getty.jpg 1280w\" alt ><\/p>\n<h5>LockBit cartel finally claims Royal Mail ransomware attack<\/h5>\n<div>\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Alex-Scroxton-CW-Contributor-2022.jpg\" alt=\"AlexScroxton\">\n\t\t\t\t\t\t\t\t\t<\/p>\n<p><span>By: <span>Alex\u00a0Scroxton<\/span><\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/div>\n<p>\t\t\t\t<\/a><\/li>\n<\/ul>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365531853\/Royal-Mail-stands-firm-as-LockBit-leaks-data-and-renews-ransom-demand\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Camellia Haslett<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The LockBit ransomware gang has made good on its threat to leak data exfiltrated from Royal Mail\u2019s systems, but the postal service is not entertaining the possibility of giving in By Alex Scroxton, Security Editor Published: 24 Feb 2023 11:15 The LockBit ransomware gang has leaked a tranche of data exfiltrated from Royal Mail\u2019s IT<\/p>\n","protected":false},"author":1,"featured_media":612159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36,24931,46],"tags":[],"class_list":{"0":"post-612158","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-royal","8":"category-stands","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/612158","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=612158"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/612158\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/612159"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=612158"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=612158"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=612158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}