Royal Mail’s parent company has revealed for the first time infrastructure costs related to January’s ransomware attack.
The LockBit attack has raised costs in many areas of the business, but the company has already spent £10 million ($12.4 million) on improvements to its Heathrow Worldwide Distribution Center, which was the target of the attack. It will be costly, it said in a regulatory filing today.
The total cost associated with this attack could be even higher, but Royal Mail’s parent company International Distribution Services (IDS) did not provide specific figures.
register Royal Mail did not respond to requests for further information.
The LockBit attack primarily affected Royal Mail’s international shipping operations, which took much longer to resume normal services than domestic procedures.
today’s regulations filing [PDF] The company’s international revenue was down 6.5 percent year-on-year (year-on-year), or £22 million ($27 million), according to the company. This is partly due to cyber attacks.
The decrease in revenue was related to a nearly 5% decrease in package volume, a statistic that was also partially caused by cyber-attacks.
“International parcel volumes, including import and export parcels for Royal Mail and Parcelforce Worldwide, have increased by 5% year-on-year as a result of the global macroeconomic backdrop, the January 2023 cyber incident and recovery from industrial action. “Decreased,” the report said. Said. “International parcel revenue decreased by 6.5% year-on-year.”
The drop in international parcel income was just a small part of the group’s total half-year loss of 319 million pounds ($395.8 million).
Most of these losses stem from an April agreement with the Communications Workers’ Union (CWU) to increase staff salaries by 10% over three years. The company previously announced that it had allocated £61 million ($75.6 million) in additional lump sum payments of £500 to be given to employees again this year.
IDS’s board said it remained “concerned” about Royal Mail’s financial performance, but acknowledged the very challenging trading conditions the company faced throughout the year.
However, compared to the company’s previous preliminary results in March of this year, two months after the ransomware attack, international revenue has improved despite an overall decline.
At the time, IDS reported a 7% drop in package volume due to the cyber attack and a 12.2% drop in revenue due to a decline in consumer spending due to the cost of living crisis.
royal mail summary
Royal Mail has had a difficult start to 2023 after admitting it was the victim of a cyberattack just two weeks into the new year.
It took several days and some confusing chats with LockBit itself, but it was eventually confirmed to be a ransomware attack carried out by a LockBit affiliate.
Details of the attack were slow to spread, but all surfaced the following month when Rockbit set the ransom at $80 million and Royal Mail refused to pay.
LockBit then took the unusual step of leaking the entire history of its negotiations with Royal Mail.
Early chats indicate that Royal Mail negotiators appear to be trying to trick LockBit into unwittingly allowing full recovery without paying the ransom. They did this by demanding proof that the decryptor worked, using his two key files, which Royal Mail claimed would allow it to continue shipping medical supplies.
LockBit later realized that the two files it was asked to decrypt as evidence would allow Royal Mail to recover the system without paying the ransom.
Negotiations lasted about a month, from January 12th to February 9th, but Royal Mail remained silent for nearly a week until the final day. It appears that they had no intention of paying the ransom and used a number of sabotage techniques.
Dirk Schrader, CISO and VP of Security Research at Netwrix, said: The Leg:
“Emerging from a breach is a painful ordeal in itself, as compromised organizations must take a hard look at all the steps that led to the breach in the first place to find aspects of their cybersecurity architecture that need improvement. This forensic effort is a much-needed starting point for any organization to improve itself, learn from its mistakes, and better prepare itself for the next attack.
“If cyber resiliency is a focus of that effort, organizations will plan their business processes and connect the steps of those processes with their associated IT systems to find critical points and single points of failure. Once these critical systems have been identified, you need to ensure that these devices are validated against all attack layers: what kind of data are processed by them, and whether the data is relevant to the process? are defined and monitored. Who has access and privileges on those systems, and are they reduced to the minimum necessary? Systems are systems, the infrastructure itself is hardened, and the services that support business processes are defined and monitored. and applications will be active on it.”®