"Royal Mail's Attackers Linked to Russia-Backed LockBit"

The infamous Russia-backed LockBit ransomware group has been identified as a potential culprit behind the recent cyber incident involving the UK's postal service.  On January 11, 2023, while Royal Mail's international deliveries were severely disrupted because of a "cyber-incident," printers at a distribution site of the UK's postal service in Belfast, Northern Ireland, started printing ransom notes.  According to the company, the ransom note was headlined "LockBit Black Ransomware.  Your data are stolen and encrypted".  LockBit is a prolific Russia-backed ransomware group that was recently in the spotlight for hacking Toronto's Hospital for Sick Children (SickKids) in December 2022.  Security researcher Rik Ferguson from Forescout stated that the LockBit  Black ransomware is the latest version of the threat actor's encryptor, launched in June 2022, and includes code used by the defunct Black Matter ransomware group.  The researcher noted that the Black encryptor is part of LockBit 3.0, the third version of the group's project.  Security researchers at DuskRise stated that one main difference between LockBit 3.0 and LockBit 2.0 is that the group has come up with another way to pressure and extort its victims.  Until now, they were given a well-defined period of time to pay the requested ransom.  However, with LockBit 3.0, the group seems to have included new possibilities for negotiations.  One can now pay a specific fee to extend the timer by 24 hours, destroy all data from the website, or download all data right away. 

Infosecurity reports: "Royal Mail's Attackers Linked to Russia-Backed LockBit"