Royal Mail has spent £10m repairing and strengthening its cyber defences after being breached by ransomware group LockBit earlier this year. The attack also hit Royal Mail’s international revenue, with its overseas delivery service having been out of action for several weeks following the breach.
The impact of the January attack was revealed in interim financial results published by Royal Mail’s parent company IDS. The money spent on remediating the attack contributed towards an annual increase in Royal Mail’s infrastructure costs of 5.6%. It posted a half-year loss of £319m.
LockBit’s attack left Royal Mail “unable to despatch items to overseas destinations.” The ransomware gang stole 44GB of data, mostly consisting of staff records pertaining to 200 employees. Royal Mail refused to meet the ransom demands of the hackers and instead spent a month bringing its international parcel delivery service back online.
Royal Mail was not willing to share details on how it spent £10m to shore up its cyber defences but did confirm its investment in enhanced cyber controls to prevent, detect, respond to and recover from future cyberattacks. “We have an ongoing process to strengthen controls and enhance our cyber resilience to minimise risk and ensure a swift response,” a spokesperson told Tech Monitor, adding that the firm had “prioritised the expansion of in-house and partner cyber team capabilities”.
The specific measures Royal Mail has taken to enhance its cyber-resilience since January are likely to be extensive, says Jake Moore, global cybersecurity advisor at ESET. They “could be as simple as better and more frequent staff training,” says Moore, as well as instituting more robust multi-factor authentication and security updates across the business. Organising regular attack simulations and acquiring “offsite and disconnected backups with a tested restore process is also vitally important and would take a hefty chunk of the money.”
LockBit’s global crime spree
Meanwhile, LockBit continues to raid other public and private sector organisations around the world. Last week, the group was linked to a major cyberattack against ICBC, forcing the Chinese bank to re-route major transactions through rival financial institutions. (LockBit has since claimed ICBC has paid for its data to be returned.) Other alleged victims of the Russian cybercrime cartel include the UK’s Ministry of Defence, Boeing and the software provider Ion Group.
“LockBit persistently spreads [its] infection across a network, encrypting all accessible computer systems in its wake and clearly left quite the impression with Royal Mail,” says Moore. “Preventive measures to ensure companies are protected against any ransomware or malicious attacks are vital and no better lesson can be learnt by experiencing this in real life. Unfortunately, Royal Mail learnt the hard way. But no expense can be spared in helping improve measures to help protect systems.”