Steve Mann - stock.adobe.com

Royal Mail recovers more International Tracked services

Royal Mail is making further progress in recovering IT systems hit by a ransomware attack, and has re-enabled another tranche of international export services

Royal Mail has spun its International Tracked services back up as it makes steady progress in recovering IT systems that were hit by a ransomware attack, tentatively attributed to the Russian-speaking LockBit group or an affiliate, earlier in January 2023.

In an update posted to its consumer-facing portal, Royal Mail said it was now in a position to resume International Tracked services of letters, large letters and parcels, to all destinations, for business customers and consumer users of its online shipping systems. These systems, which customers use to select services, print labels and send items, were successfully re-enabled late in the afternoon of Monday 30 January.

“We continue to make progress in exporting an increasing number of items to a growing number of international destinations, using alternative solutions and systems not affected by the recent cyber incident,” the organisation said.

“Our focus has been on despatching the export parcels and letters which were in our network before the cyber incident. We have also been successfully despatching standard export letters since reinstating service on 18 January and International Tracked & Signed and International Signed letters and parcels since 26 January.”

Royal Mail first detected unauthorised access to its systems on Tuesday 10 January before going public with the news the following day.

It was badly affected by the disruption caused to its international services after the ransomware attack left it unable to despatch either letters or parcels from the UK for days. This caused frustration for the many small and medium-sized enterprises that rely on Royal Mail to ship goods outside the country.

In the three weeks since the attack, it has focused its energies on establishing a number of technically unspecified workarounds that seem to be successfully mitigating the impact of the ransomware locker.

However, this work is ongoing and, for the time being, Royal Mail continues to ask customers to refrain from submitting any untracked export parcels into the postal network. It is also still unable to process new parcels bought through Post Office branches.

That said, it is still possible to use a bricks-and-mortar branch to send export parcels via the Parcelforce Worldwide service, to drop off items labelled online, and to purchase International Standard and Economy letter services.

“We are working hard to resume more services through Post Office branches and will provide further updates on these services as soon as possible. Import operations continue to perform a full service with some minor delays. Domestic services are unaffected,” the organisation said.

“We’re sorry for the disruption this incident is causing impacted customers. Our teams are continuing to work around the clock to reinstate the remaining export services for letters and parcels as quickly as we can.”

The attack on Royal Mail is one of a string of high-profile incidents to have affected organisations in the UK in the past month, including multiple ransomware incidents at the likes of The Guardian newspaper, car dealership Arnold Clark, and KFC and Pizza Hut operator Yum! Brands. Another cyber attack that compromised the details of 10 million people who shopped online at JD Sports came to light on Monday 30 January.

Read more about the attack on Royal Mail

Read more on Data breach incident management and recovery