Royal Mail has rolled out more international services - including tracked parcels - after the cyber attack by a Russian-linked ransomware gang hit postal exports.
Export parcels that have been processed will start to be shipped in "limited volumes" the postal service said, and it will also accept new letters for overseas. The company was hit by cyber attack, which caused “severe disruption” to its international export services. It was unable to dispatch items, including letters and parcels, overseas, however domestic mail was not affected.
The hack is believed to have already left more than half a million letters and parcels stuck in limbo. Royal Mail alerted the National Cyber Security Centre and the National Crime Agency who are investigating. The postal service has faced several crises recently, with a series of strikes in 2022 and CEO Simon Thompson coming under fire from MPs about his management of Royal Mail.
Can I send post through the Royal Mail?
Royal Mail restarted exporting parcels overseas, which had already been processed, as well as standard export letters from 19 January. And due to “progress and the growing capability of our alternative export solutions”, more services were resumed from Thursday 26 January.
In a service update on its website, it said: “We will be resuming our International Tracked & Signed as well as International Signed services to all destinations for business account customers and customers buying postage online. This includes parcel, large letter and letter formats of these services. Online shipping solutions will be enabled to allow customers to select these services, print labels and send items from Thursday 26 January.”
Royal Mail said delivery of these items may take slightly longer than usual, and added that tracking information may look slightly different to usual.
However the postal service asked customers not to submit any new tracked or untracked (standard or economy) export parcels. Royal Mail said: “We are aiming to provide further updates on these services in the coming days.”
It added: “Import operations continue to perform a full service with some minor delays. Domestic services are unaffected. We would like to sincerely apologise to impacted customers for the disruption this incident is causing. Our teams are continuing to work around the clock to reinstate all remaining services for export letters and parcels as quickly as we can.”
Who is behind the cyber attack?
The attack is suspected to have come from a Russian-linked ransomware gang called Lockbit, the Telegraph first reported. A Royal Mail distribution centre in Northern Ireland revealed its printers began “spurting” out copies of a ransom note saying “your data are stolen and encrypted.”
Lockbit is believed to have close links to Russia and was behind a major hack of car dealership Pendragon last year - which refused to pay a ransom payment of 60 million dollars. Royal Mail would not comment on the hacking reports, but said it had launched an investigation into the incident and had reported it to its regulators and security authorities.
What has the Royal Mail said about it?
Following the attack, the Royal Mail said: “We have asked customers temporarily to stop submitting any export items into the network while we work hard to resolve the issue. Some customers may experience delay or disruption to items already shipped for export.
“Our import operations continue to perform a full service with some minor delays. Our teams are working around the clock to resolve this disruption and we will update customers as soon as we have more information.
“We immediately launched an investigation into the incident and we are working with external experts. We have reported the incident to our regulators and the relevant security authorities.
“We would like to sincerely apologise to impacted customers for any disruption this incident may be causing.”
A National Cyber Security Centre spokesman said: “We are aware of an incident affecting Royal Mail Group Ltd and are working with the company, alongside the National Crime Agency, to fully understand the impact.” The National Crime Agency has been approached for comment.
The National Crime Agency confirmed it is also looking into the incident. An Information Commissioner’s Office spokesperson added: “Royal Mail has made us aware of an incident and we will be making inquiries.”
Royal Mail cyber attack could have “long term effects”
Paul Holland, a cybersecurity expert and CEO at Beyond Encryption, explained: “At this early stage it’s very difficult to determine the nature of this attack, however one can assume that due to the immediate impact it has had on operations that this was an attack on their core systems. Royal Mail have contacted the relevant authorities and will naturally want to be sure they have effectively closed the door on any threats before they disclose any further details.
“Similarly how quickly this attack will be resolved is at this stage hard to predict. However, we can expect this to have significant long term effects on Royal Mail’s operations.
“The whole country experienced the impact strike action had on post and due to the huge throughput Royal Mail deal with any pause to operations can have a long-lasting impact on the service. Unfortunately for the Royal Mail, as the cost of post continues to increase, as well as a growing familiarity with digital communications turbo-charged by the pandemic, it’s hard to not see this attack negatively impact consumers' propensity to use the service.
“Likewise businesses that are looking to digitise operations are likely to see deliberations and actions accelerate as result of this attack."