International post resumes thanks to Royal Mail ‘workarounds’

Royal Mail has resumed a “limited” international export service for letters and parcels leaving the UK, after successfully putting in place some technical workarounds that seem to have been able to bypass systems impacted by a ransomware attack earlier in January.

The attack, which is alleged to be the work of the Russian-speaking LockBit cartel or an affiliate, began on Tuesday 10 January and was publicly disclosed the following day.

In a statement, Royal Mail said: “We are trialling operational workarounds and have started moving limited volumes of export parcels. While we trial these operational workarounds, we continue to ask customers not to submit any new export parcels into the network. Our initial focus will be to clear mail that has already been processed and is waiting to be dispatched.

“We are pleased to announce that we have resumed the export of letters which do not require a customs declaration to all international destinations. From 7pm [on] Wednesday 18 January, customers will be able to start submitting international export letters which do not require a customs declaration into the Royal Mail network again through all channels including Royal Mail post boxes and Post Office branches.

“Royal Mail continues to work with external experts, the security authorities and regulators to mitigate the impact of this cyber incident, with a focus on restoring all services for export letters and parcels. Our import operations continue to perform a full service with some minor delays. Domestic services remain unaffected,” said the organisation.

“We apologise to impacted customers for any disruption this incident may be causing. Please be assured our teams are working around the clock to fully resolve this situation.”

Taking questions earlier this week at a government committee evidence session on the impact of a series of ongoing postal strikes, Royal Mail CEO Simon Thompson declined to offer any further details of the incident, saying he had been advised that to do so may hinder the organisation’s response to it.

He said there was no evidence of any customer data having been compromised, although he acknowledged the situation was fluid and that this might change. At the time of writing, this can still be assumed to be the case.

Royal Mail declined to comment further on the nature of the technical workarounds it is trialling in response to questions from Computer Weekly.

Nevertheless, the resumption would suggest that the postal service has found a way to bypass or mitigate the disruption to the affected systems in such a way that implies it is not negotiating with its attacker, nor plans to pay a ransom.

Helen Davenport, a technology partner at law firm Gowling WLG, said: “This is a step forward from Royal Mail’s perspective, but the cyber attack has nevertheless clearly been disruptive and had an impact on at least some aspects of its business.

“It will be interesting to see whether the company puts more preventative measures in place moving forward to mitigate any potential loss of business as a consequence of this and any future attacks. While the security of customer data is paramount, the major disturbance cyber attacks can also cause to the regular flow of business can be financially debilitating,” she said.