Enlarge image
Royal Mail staff (archive image): 'Items that have already been processed may be delayed'
Photo: Carl Court/ Getty Images
The notorious LockBit group is said to be behind the attack on the British Royal Mail, which became known on Wednesday.
This was reported by the Telegraph newspaper and the BBC.
The hacker group itself, however, rejects this, as »Bleeping Computer« writes.
She has a different explanation.
The fact is: LockBit is a criminal group that specializes in ransomware.
Their malware encrypts files, drives, and backup copies on victims' networks, rendering them unusable.
In exchange for a ransom, she hands over a key to make the systems operational again.
In addition, LockBit often increases the pressure on those affected by threatening to publish previously copied internal data.
However, the group does not always carry out the attacks themselves. Rather, they operate an affiliate program that is now common in the criminal industry, i.e. they cooperate with other perpetrators who rent their ransomware and services.
LockBit demands 20 percent profit sharing.
(Read more about the ransomware business model here. )
In addition, a current version of their encryption program was leaked on Twitter in September.
It is therefore quite possible that neither LockBit nor an "affiliate" partner was behind the attack on the British Post Office.
"Bleeping Computer" has reached the extortion group.
According to their statement, someone else used their encryption program for the hack.
According to the article, if this is true, it could be a purely destructive attack with no intention of extorting ransom.
Although there is a ransom demand "in the millions", as the BBC writes, citing investigators, the blackmail letter also contains references to LockBit dark network addresses.
But the contact option also mentioned therein does not work allegedly.
It could therefore be a kind of diversionary maneuver.
For Royal Mail customers it makes no difference at the moment.
The postal service is one of the largest in the world and initially had to stop all overseas mail from the UK.
The former state-owned company advises its customers not to give up such programs at first, so as not to increase the backlog any further.
The Royal Mail website goes on to say : "Items that have already been processed may be delayed".
Shipments from abroad to the UK could also be slightly delayed.
LockBit is one of the most active ransomware groups
The French armaments group Thales and the German Dax group Continental are said to have recently been among the victims of LockBit and the partners of the group.
In the cybercrime department at the Federal Criminal Police Office, LockBit was one of the groups last year that were classified as particularly active and dangerous.
According to counts by the IT security company Malwarebytes, the group recorded by far the most successful attacks between March and August.
The backers are believed to be in Russia and the countries of the former Soviet Union.
pbe