The Cyber Security News

Royal Mail ransom note leaked, LockBit’s role remains uncertain

January 13, 2023


After being linked with the “cyber incident” affecting the UK’s Royal Mail Group, the LockBit ransomware operation has denied that its affiliates were behind the suspected attack.



Ransom notes began printing at Royal Mail’s sorting office in Mallusk, Northern Ireland, on Thursday evening, threatening to leak data if a ransom was not paid, the Belfast Telegraph reported.

Images of the ransom note, which claimed to be authored by the operators of LockBit Black – the gang’s third version of the ransomware (also known as LockBit 3.0) that shares code with BlackMatter’s payload – were shared widely throughout the evening.

The note claimed Royal Mail’s data had been “stolen and encrypted”, and that it would be published on its deep web-based leak site if the ransom was not paid.

ahhhh found it…. #RoyalMail #LockBit #Ransomware pic.twitter.com/WTef3s6bDn

— mRr3b00t (@UK_Daniel_Card) January 12, 2023

Also included were two URLs that led to online portals through which the hackers could be contacted, and a decryption ID to enter when one of the contact sites was accessed.

The URLs are thought to be the same as those found on the ransom note received by the André Mignot clinic in Versailles last month.

The attack forced patients to be moved and was later attributed to LockBit Black ransomware; however, the decryption IDs were not issued by LockBit itself in this case.

According to a report from Bleeping Computer, which contacted LockBit, the ransomware gang has denied involvement in the attack on the British multinational postal company.

Security researchers have raised concerns about the legitimacy of LockBit’s denial.

The builder for LockBit Black was leaked in September by a group which claimed to have hacked LockBit’s servers.

This means that hackers, in theory, do not need to be official ‘affiliates’ of LockBit’s ransomware as a service (RaaS) programme in order to launch attacks using its software.

However, the contact URLs provided in the note pointed to LockBit’s site and the decryption ID initially worked, but after the ransom note was leaked, researchers have reportedly said the ID is no longer valid.

If the decryption ID did work at some point in time, as one expert confirmed, it could either mean LockBit really did carry out the attack, or an unaffiliated attacker launched the ransomware while also having privileged access to LockBit’s official site so they could create a negotiation chat portal for Royal Mail.

Asked for confirmation of the leak’s legitimacy, the UK’s National Cyber Security Centre (NCSC) and Royal Mail both told IT Pro that they would not be disclosing any details at the time of writing.

The National Crime Agency (NCA), also involved in the ongoing investigations, did not respond to requests for comment.

What is the “cyber incident” at Royal Mail?

Royal Mail confirmed on Wednesday evening that it was suffering the effects of a “cyber incident” which continues to ‘severely disrupt’ the international shipping division of its business.

“We are temporarily unable to despatch items to overseas destinations,” read its incident update page. “We strongly recommend that you temporarily hold any export mail items while we work to resolve the issue. Items that have already been despatched may be subject to delays. We would like to sincerely apologise to impacted customers for any disruption this incident is causing.”

Very few details of the incident have been revealed other than that the NCSC and NCA are involved in the investigation, and the Information Commissioner’s Office (ICO) has also been informed.

Royal Mail has never described the incident as an ‘attack’ and all parties involved have yet to confirm that the incident is ransomware in nature.

“We are aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact,” the NCSC said in a brief official statement.

As of Friday, Royal Mail’s overseas shipping operations remain severely disrupted.

IT Pro will continue to report on the story as it develops.




Some parts of this report are sourced from:
www.itpro.co.uk
