sveta - stock.adobe.com

Royal Mail resumes some international parcel services from UK

Royal Mail has successfully stood up its International Tracked and Signed, and International Signed, services as it continues to recover from a ransomware attack

Royal Mail continues to make steady progress on recovering its international letter and parcel export services following a suspected LockBit ransomware attack earlier in January.

Having started to despatch standard export letters, and letters and parcels from Northern Ireland into Ireland, on Thursday 19 January, the postal service now says that having made progress on clearing the backlog of items in the system before the attack, it is now in a position to stand up two key parcel services, International Tracked and Signed, and International Signed.

“We have made further progress in exporting an increasing number of items to a growing number of international destinations,” Royal Mail said in a statement. “We are using alternative solutions and systems, which were not affected by the recent cyber incident.

“As a result of this progress and the growing capability of our alternative export solutions, we can now announce that we are resuming our International Tracked and Signed as well as International Signed services to all destinations for business account customers and customers buying postage online.

“This includes parcel, large letter, and letter formats of these services. Online shipping solutions are now enabled to allow customers to select these services, print labels and send items from Thursday 26 January.”

Royal Mail said delivery of items sent via these services may still take longer than usual, and customers may notice different tracking information as items leave the country.

“We continue to ask customers not to submit any new Tracked or Standard/Economy export parcels into our network just yet,” it said. “We are aiming to provide further updates on these services in the coming days.”

No further details

The organisation has not given any further details on the precise nature of the LockBit ransomware attack, the scale of the ransom demand, or whether or not it entered into negotiations with the cartel’s representatives at any point.

The fact that Royal Mail has talked about workarounds and alternative solutions suggest it has rebuffed LockBit’s extortion attempt.

While the length of time it is taking to recover its services is not out of the ordinary for a ransomware attack, Royal Mail is nevertheless facing growing criticism from the myriad small and micro-businesses that depend on it to send goods overseas.

Many small business users are increasingly frustrated at the delays, which in some cases are costing hundreds of pounds, and putting off international customers at a difficult enough time for UK exports, which as predicted have slumped since Brexit.

Speaking to the BBC, one customer, who runs a jewellery business and makes 40% of her sales in Ireland and the US, said she was being forced to use courier services at her own expense to keep things going.

Meanwhile, in its latest results announcement, made today, Royal Mail operator International Distribution Services said its revenues were down 12.8% year-on-year for the nine months to the end of 2022, driven by a structural decline in letters, weaker retail trends, strike action, and far lower volumes of Covid-19 test kits moving through the system. Overall parcel and letter volumes were both down on 2021.

The organisation made an adjusted operating loss of £295m during the period, with the net cost of strike action estimated at £200m.

Read more on Data breach incident management and recovery