U.K. postal giant Royal Mail says it has finally restored international shipping after a ransomware attack downed its export services for over a month.
Royal Mail spokesperson Mark Street told TechCrunch on Thursday that it has reinstated international export services to all destinations for purchase online and at Post Office branches. “We are now processing close to normal daily volumes of international export mail with some delays,” Street said. In an incident update dated February 23, Royal Mail noted a “small number” of international untracked services for business contract customers continue to face some disruption.
Royal Mail faced severe disruption for six weeks after a January 10 cyberattack left the company unable to dispatch certain items overseas. While the organization had reinstated most online services in recent weeks, Royal Mail could not, until now, process international parcels at its 11,500 Post Office branches.
According to the BBC, Royal Mail ships to 231 countries and territories worldwide and shipped more than 150 million parcels overseas in the past year.
Royal Mail’s long-awaited service update comes as the Russia-linked LockBit ransomware gang, whose high-profile victims have also included NHS vendor Advanced, published some of the data it stole from Royal Mail on its dark web leak site. The prolific ransomware gang initially threatened to publish all stolen data on February 9.
The 45 gigabyte data dump published by LockBit, reviewed by TechCrunch, doesn’t appear to include sensitive customer or financial information, though it does contain at least one employee’s COVID-19 vaccination details.
“Royal Mail is aware that an unauthorized third-party has published some data allegedly obtained from our network,” Street told TechCrunch. “At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with law enforcement agencies.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Earlier this week, LockBit published what it claimed was the full transcript of its negotiations with Royal Mail, which included an initial $80 million ransom demand to provide a decryption tool and to stop the publication of data. LockBit later lowered its demand to $40 million. It’s not clear if Royal Mail paid any of the ransom, and Royal Mail’s spokesperson (Street) declined to say.
LockBit earlier this month also claimed an attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes. The gang threatened to leak data stolen from the company on February 4, though Ion has yet to show up on LockBit’s leak site.
It’s unclear if Ion paid LockBit’s ransom demand, and it’s not yet known how much and what types of data were stolen from the company.
Royal Mail’s ransomware attack:
- January 11: Royal Mail warns of severe disruption after ‘cyber incident’
- January 17: Royal Mail CEO confirms cyberattack downed UK postal service
- February 7: LockBit ransomware group threatens to publish stolen Royal Mail data
- February 14: Royal Mail refused to pay ‘absurd’ LockBit ransom, chat logs say
