Royal Mail data on the dark web after ransomware attack

02/26/2023 | Cybercrime, Darknet News, Europe, UK

In an effort to extort millions of pounds from Royal Mail, hackers with ties to Russia have uploaded 44 terabytes of data taken from the corporation in a ransomware attack.

On Thursday afternoon, the LockBit gang made the stolen data available via its dark web site.

They gained access to Royal Mail’s systems in a January attack that resulted in the suspension of international parcel delivery services for more than a week, and now they are demanding a $40 million (£33 million) ransom from the corporation.

The LockBit hackers have access to the personal information of almost 200 postal workers, Royal Mail said. All impacted employees have been informed that the internet gang obtained access to their personal information.

Screenshots that seem to display excerpts of the stolen data imply that at least one folder has “personel” [sic] information.

The postal service, though, played down the idea that either staff or customer information had been stolen by crooks.

“All of the evidence suggests that this data does not contain any financial information or other sensitive customer information,” a Royal Mail spokesman said. “We keep cooperating closely with law enforcement organizations.

“Royal Mail is aware that some information purportedly from our network has been leaked by an unauthorized third party.

“At this point in the inquiry, we think that technical program files and administrative business data make up the great majority of this material.”

By Thursday afternoon, it seemed as though LockBit had deferred the publication of personal information as a bribe to get Royal Mail to make good on its promise.

After the gang released what it said was a chat transcript of conversations between it and Royal Mail, cyber security industry sources at first thought LockBit had taken nothing of significance.

Video appeared to show the thieves requesting an $80 million (£66 million) ransom, but Royal Mail chose to ignore them.

When the timer on LockBit’s dark web blog neared zero last week, the day when the stolen data would be made public had not yet been announced.

Russian-speaking LockBit users prey on Western businesses by stealing private data and threatening to post it online unless a ransom is paid.

They accomplish this using “ransomware,” a class of computer virus that encrypts files on targeted machines in a way that only the hackers can decrypt.

The hackers then decrypt the victim’s files after receiving the ransom, which is typically paid in obscure cryptocurrency.

According to GCHQ’s National Cyber Security Centre, ransomware is by far the biggest internet-based threat to UK firms.