Getty Images

Royal Mail making limited progress on ransomware recovery

Royal Mail asks customers to hold back from sending post overseas as some services get back on track, while a report warns that disruptive attacks on critical infrastructure are set to become more common

Royal Mail has said that international deliveries of letters and parcels are getting back on track after being suspended for over a week in the wake of a suspected LockBit ransomware attack, but has asked customers to refrain from posting new items to overseas destinations just yet.

A limited export service resumed on Thursday 19 January after Royal Mail’s technical teams implemented an unspecified workaround, which seems to have enabled the organisation to mitigate or bypass the impact of the ransomware attack.

In a statement released on Monday morning, a Royal Mail spokesperson said: “We have now resumed international export despatches for all mail streams including parcels and letters across a growing number of international destinations.

“We are making good progress in despatching items that are already in our network across all of our services. Please note you may see less tracking information than usual as we continue to restore our services.

“At this time, we continue to ask customers not to submit new parcels for export, and we will update further on service resumption as soon as possible.

It added: “Royal Mail continues to work with external experts, the security authorities and regulators to mitigate the impact of this cyber incident, with a focus on restoring all services for export letters and parcels. Our import operations continue to perform a full service with some minor delays. Domestic services remain unaffected.”

On Friday 20 January, Royal Mail also reenabled international despatch of items from Post Office branches in Northern Ireland into Ireland, although this service is not yet available in England, Scotland or Wales.


In its 2023 Global risks report, the World Economic Forum said that the “ever-increasing intertwining of technologies with the critical functioning of societies” was becoming an increasing source of global risk, and forecast that “attempts to disrupt critical technology-enabled resources and services,” of which the incident affecting Royal Mail is one, will become more common.

Indeed, it said, its 2022-2023 Global risks perception survey predicted that cyber attacks on critical national infrastructure (CNI) would be comparable to the current crises in energy and food supply, rising inflation, and the cost-of-living crisis in terms of their global impact this year.

The report added that the critical functioning of whole economies would become more exposed with breakthroughs in technologies such as quantum computing.

Mark Wojtasiak, product strategy vice-president at Vectra, a supplier of artificial intelligence-backed threat detection services, said: “CNI is becoming an increasingly attractive target for criminal cyber gangs, posing the very real threat of major disruption to areas such as food, water and energy.

“In a time where vital services are already under immense strain from rising costs and supply disruption, organisations responsible for CNI can’t afford for cyber attacks to cause further turmoil.

“While WEF outlines the need to develop cross-sector resilience to cyber risks, this should be seen as a starting block,” said Wojtasiak.

“In practice, CNI organisations have to address their rising attack surface, focusing on improving their visibility into their IT environments. This means reducing the noise they face from security alerts, and achieving clearer attack signal intelligence so security teams can accurately and reliably prioritise threats, stopping attacks before they become breaches.”

Read more about the attack on Royal Mail

11 January: UK postal service Royal Mail is asking customers not to send any overseas letters or parcels while it deals with the impact of an ongoing cyber attack.

13 January: The still-developing cyber incident at Royal Mail may be the work of the infamous LockBit ransomware operation.

17 January: Royal Mail CEO Simon Thompson apologises to customers whose businesses are being disrupted by a ransomware attack and promises a “workaround” will be in place in the near future.

19 January: Royal Mail has resumed limited international services after putting in place operational workarounds to bypass the impact of a ransomware attack.

Read more on Data breach incident management and recovery

Data Center
Data Management