According to media reports, the cyber attack on the British postal group Royal Mail was carried out by the Russian hacker group Lockbit.

It is not yet known how high the ransom that Lockbit is demanding is.

The company spoke of a "serious disruption".

The attack has paralyzed parts of the Royal Mail's IT system.

It is therefore currently unable to send letters and parcels abroad.

The National Cyber ​​Security Center and the National Crime Agency are investigating.

Philip Pickert

Business correspondent based in London.

  • Follow I follow

The postal group handles almost half a million parcels and shipments abroad every day, but now there is a huge backlog.

The Royal Mail had previously found itself in a difficult economic situation due to major strikes on its home market.

As also became known this week, the newspaper "The Guardian" has also been hit by a hacker attack in which employee data was spied out.

Lockbit is a program developed by the Russian-born group that has been used for attacks since late 2019.

According to the American investigative agency FBI, well over a thousand companies and other victims have already been blackmailed, including the French arms company Thales, the Dublin-based IT consulting firm Accenture and the British car dealer Pendragon.

In Germany, the Lockbit gang attacked the automotive supplier Continental last summer and was able to steal around 40 terabytes of data.

The blackmailers threatened to put the sometimes sensitive data on the Internet.

No ransom from Continental

According to Continental, however, it did not pay any ransom.

According to cyber security experts' estimates, the Lockbit group and its affiliated hackers have probably managed to steal around $100 million.

According to Andrew Brandt of cybersecurity firm Sophos, the ransom demands that have been made public range from $200,000 to $1.5 million.

In the case of Royal Mail, the blackmailers are likely to demand at least one million, cyber experts estimate.

The Lockbit hackers initially even demanded $50 million from Continental, but failed.

Brandt advised Royal Mail not to pay Lockbit any money.

The group tries to give themselves a "Robin Hood" image.

The hackers promise not to attack hospitals if they endanger people's lives.

In December, meanwhile, the Sick Kids children's hospital in Toronto Ziel was attacked and blackmailed by hackers with the Lockbit software.

The group released an "apology" on New Year's Eve.

Lockbit makes its software available to other perpetrators, so-called “affiliates”, who can rent and use the program for a fee.

The hacker group has now released the third version of its malware, Lockbit 3.0.

The damage can be massive

The attacks mean massive damage for companies, even if they ultimately do not pay a ransom.

Employees spend days or weeks cleaning up.

In the case of Continental, external forensic experts were first deployed, then 300 employees had to check every single file on their computer.

The number of hacker attacks on companies has increased in recent years.

According to the 2022 survey by Sophos, 67 percent of the companies surveyed in Germany have become the target of malware attacks on their IT systems, in Great Britain it was 57 percent.

The perpetrators very often got into the system through so-called phishing mails and then blocked important data.

According to a Sophos survey, the affected German companies paid an average ransom of $273,000.

Meanwhile, the average cost to restore systems after the attack rose to $1.7 million in 2021-2022, up 48 percent year-on-year.

According to a survey by the digital association Bitkom, hackers, espionage and countermeasures cost the German economy more than 200 billion euros a year.

All over the world, hack victims probably pay billions to extortionists every year.

Estimates of the total amount vary widely.

In the UK, there is a debate among professionals calling for a zero-ransom strategy against hackers.

The founding director of the cybersecurity center of the secret service GCHQ, Ciaran Martin, has even suggested a legal ban on ransom payments.

That would destroy the hacker's business model, according to Martin, who now teaches at Oxford.

When the Irish health service HSE was the victim of a major cyber attack a year and a half ago and hackers demanded millions in ransom in the form of Bitcoin, the government's secret service strictly advised against negotiating with the hackers.

Dublin ended up paying nothing.