
TSMC Cyberattack: LockBit Demands a Ransom of $70m


Taiwan Semiconductor Manufacturing Company (TSMC) has blamed one of its equipment suppliers for the LockBit breach that surfaced on the gang’s dark web victim blog. The ransomware gang has reportedly demanded a $70 million ransom. Without disclosing the type of data stolen, the corporation named the affected third-party supplier as Kinmax Technology, a system integrator with offices in Taiwan.

In a statement on the incident, TSMC said: "TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration." The company confirmed that no customer data was exposed in the breach.

“After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the company’s security protocols and standard operating procedures,” the statement added.

One of LockBit's affiliates, National Hazard Agency, shared screenshots of directory listings of stolen TSMC files on the gang's leak website on Thursday, giving TSMC a deadline of August 6 to pay the ransom. However, the ransomware gang did not reveal how much data it had stolen from the company.

The blog also gave the company an option to extend the said deadline by 24 hours for $5,000, or to delete all stolen content or download it immediately for $70 million.

Kinmax Issues an Apology

Kinmax Technology specialises in networking, cloud computing, storage, security and database management. The company says it experienced a breach on 29 June, stating that an “internal specific testing environment was attacked, and some information was leaked.” The leaked information included “system installation preparation that the company provided to our customers,” Kinmax said.

LockBit Emerges Again

LockBit is a Russian ransomware gang that first came to light in 2019. As of the first quarter of 2023, it had a total of 1,653 alleged victims, according to a report released by US cybersecurity firm CISA.

According to the report, since its first known attack in January 2020, the cybercrime group has gathered nearly $91m in ransoms from US victims.

LockBit has also been behind a number of high-profile cyberattacks in the UK. This year, the gang was responsible for the widely reported Royal Mail attack, in which it demanded a ransom of $80m in Bitcoin. The company did not pay, calling the demand “ridiculous.” The ransomware gang responded by publishing the stolen data online, along with copies of the negotiations held between LockBit and Royal Mail representatives.

The ransomware gang was also responsible for stealing data from WH Smith, a high-end retailer in the UK. That attack targeted the personal information of current and former employees. Since then, there has been no indication of whether the business paid the ransom.

Royal Mail's £1bn Losses: Strikes, Cyber Attack, and Online Shopping Crash

The Royal Mail, the UK's national postal service, has reported losses surpassing £1 billion as a combination of factors, including strikes, a cyber attack, and a decrease in online shopping, has taken a toll on its post and parcels business. These significant losses have raised concerns about the future of the company and its ability to navigate the challenges it faces.

One of the key contributors to the Royal Mail's losses is the series of strikes that occurred throughout the year. The strikes disrupted operations, leading to delays in deliveries and increased costs for the company. The impact of the strikes was compounded by the ongoing decline in traditional mail volumes as more people turn to digital communication methods.

Furthermore, the Royal Mail was also targeted by a cyber attack, which further disrupted its services and operations. The attack affected various systems and required significant resources to mitigate the damage and restore normalcy. Such incidents not only incur immediate costs but also undermine customer trust and confidence in the company's ability to protect their sensitive information.

Another factor contributing to the losses is the decline in online shopping, particularly during the pandemic. With lockdowns and restrictions easing, people have been able to return to physical retail stores, leading to a decrease in online orders. This shift in consumer behavior has impacted Royal Mail's parcel business, which heavily relies on the growth of e-commerce.

To address these challenges and turn the tide, the Royal Mail will need to focus on several key areas. Firstly, the company should strive to improve its relationship with its employees and work towards resolving any ongoing disputes. By fostering a harmonious working environment, the Royal Mail can minimize disruptions caused by strikes and ensure the smooth functioning of its operations.

Secondly, it is crucial for the Royal Mail to enhance its cybersecurity measures and invest in robust systems to protect against future cyber attacks. Strengthening the company's digital defenses will not only safeguard customer data but also bolster its reputation as a reliable and secure postal service provider.

Lastly, the Royal Mail must adapt to changing consumer behaviors and capitalize on emerging opportunities in the e-commerce market. This could involve diversifying its services, expanding its international reach, and investing in innovative technologies that streamline operations and enhance the customer experience.
LockBit Attack: Royal Mail Refuses to Pay 'Absurd' Ransom, Says its Chat Logs


The Royal Mail, which is still experiencing complications as a result of last month's cyberattack, has seen the LockBit ransomware gang publish what it claims to be the detailed transcript of its negotiations with Royal Mail.

According to reports, Royal Mail rejected an $80 million (£66 million) ransom demand from the LockBit ransomware gang, declaring that it would "under no circumstances" pay the "absurd amount of money" demanded. 

This is in regard to what appear to be chat logs that LockBit disclosed and were published on February 14, documenting weeks of thorough negotiations between LockBit and its victim, who was attacked on January 10.

The ransom negotiation chat logs are apparently the first pieces of information LockBit has released following the cyberattack on Royal Mail, which halted the British postal service from sending certain products overseas. This is in spite of earlier threats by the Russia-linked ransomware group to expose all stolen data on February 9.

The records seem to indicate that this was the last day of negotiations between LockBit and Royal Mail. Screenshots from LockBit's dark web leak site that were reviewed by TechCrunch reveal that talks started on January 12, two days after the U.K. postal company acknowledged that it had been compromised.

If the chat logs are legitimate, they indicate that LockBit demanded a grand total of $80 million as a ransom payment, which equals 0.5% of Royal Mail’s annual revenue. The negotiator for Royal Mail appeared to inform LockBit that the company would not comply with the demand and that they had mistaken Royal Mail International for Royal Mail. 

“Under no circumstances will we pay you the absurd amount of money you have demanded[…]We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board.” says Royal Mail’s negotiator (anonymous) to a LockBit representative. 

The ransom demand was reportedly then reduced by LockBit to $70 million on February 1. 

The UK’s National Cyber Security Centre, which is investigating the Royal Mail attack, has long urged companies against paying ransom demands, since doing so “does not reduce the risk to individuals, is not an obligation under data protection law, and is not considered as a reasonable step to safeguard data.” Additionally, the FBI advises victims to take precautions such as data backups rather than complying with extortion demands.

Although Royal Mail did not dispute the legitimacy of the chat records when approached, it declined to answer certain questions. “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident,” said a Royal Mail spokesperson, who declined to provide their name.

Royal Mail's next steps are still not clear. Since the negotiation between the company and LockBit appears to have failed, the company could soon face larger fallout if the stolen data is published online. LockBit’s dark web leak site currently states that “all available data” has been published, although it cannot be viewed.

The postal giant continues to face disruption to its services more than a month after the cyberattack. According to a company update dated February 14, despite progress (international services have resumed to all destinations for online purchases), the company is still unable to process new Royal Mail parcels and large letters requiring a customs declaration that are bought at Post Office branches.

JD Sports: Data of 10 Million Customers at Risk


Following a cyber-attack, sportswear chain JD Sports has confirmed that the stored data of around 10 million customers might be at risk. The company said data that “may have been accessed” by the threat actors included names, addresses, email accounts, phone numbers, order details, and the final four digits of bank cards. 

Apparently, the data is related to online orders between November 2018 and October 2020. The company assured that the affected customers are being informed about the breach. 

It further added that the affected data was “limited.” The company claimed that payment card information was secure and that there is no reason to believe that hackers had gained access to customer passwords. 

In regards to the data breach, the chief financial officer of JD Sports, Neil Greenhalgh stated “We want to apologize to those customers who may have been affected by this incident […] Protecting the data of our customers is an absolute priority for JD.” 

The hack targeted online purchases made under the JD, Size, Millets, Blacks, Scotts, and MilletSport brands. It is believed that the business discovered the attack recently, but that only historical data was accessed. 

Reportedly, the company is working in collaboration with some of the “leading cyber-security experts” and is engaging with the UK’s Information Commissioner’s Office (ICO) in regard to the incident. 

Mr. Greenhalgh has advised the affected customers to be “vigilant about potential scam e-mails, calls and texts.” 

UK Companies Vulnerable to Cyber-attacks 

In recent times, numerous UK businesses have suffered at least one cyber-attack. For instance:

  • Earlier this month, Royal Mail was the victim of a ransomware attack that halted its overseas post and parcel delivery operations.
  • In December 2022, the Guardian newspaper was targeted by a ransomware attack.

According to Lauren Wills-Dixon, solicitor and data privacy expert at law firm Gordons, businesses need to be prepared for cyber-attacks because they are among the most common targets for threat actors, owing to the large amount of customer data they hold.

She also added that the increased use of technology by the industry “to reduce overheads and streamline operations has raised the risk even further.” 

“In this new world, it's not 'if' but 'when' a cyber-attack will happen.”