ARTICLE AD BOX
By Tom Espiner & Joe Tidy
Business reporters, BBC News
Severe disruption to Royal Mail's overseas deliveries has been caused by a Russia-linked ransomware attack, the BBC has been told.
The attack has affected the computer systems Royal Mail uses to despatch deliveries abroad.
Royal Mail has been warning customers since Wednesday of disruption due to a "cyber-incident".
Its latest advice is for people not to try to send international letters and parcels until the issue is resolved.
Ransomware is malicious computer software that encrypts data and locks up systems.
The ransomware used in the attack is "Lockbit", according to a source close to the investigation.
Computer security firms say the software has been developed and used by criminal gangs with links to Russia.
BBC cyber reporter Joe Tidy has seen a ransom note sent by the criminals to Royal Mail which reads: "Your data are stolen and encrypted'.
The ransom demand is expected to be in the millions, although sources close to the investigation say there are "workarounds" to get the system going again.
Ransomware attacks are a persistent threat to organisations around the world over with attacks happening on a nearly daily basis.
But this situation is highly significant, as Royal Mail is what is deemed "critical national infrastructure" - that is, it is critical to the UK economy.
The attack is not just affecting one company and its customers, but the communications and businesses of citizens at home and abroad.
Ransomware crews typically ramp up pressure on firms to transfer funds in a cryptocurrency such as Bitcoin to an anonymous digital wallet.
They will have a deadline and are likely to be threatening Royal Mail with the prospect of having potentially sensitive data published.
LockBit is thought to have strong Russian roots but the hacker that carried out the attack could be anywhere.
Last November a Canadian/Russian man was arrested for allegedly carrying out LockBit hacks from Canada.
A Royal Mail spokesman declined to comment on whether the attack was ransomware, but repeated warnings to customers that there is no end in sight to delivery disruption.
The firm is still unable to send letters and parcels overseas and says it is "working hard" to fix the issue.
There are also minor delays to post coming into the UK, but domestic deliveries are unaffected.
It said that some customers who had posted items abroad even before the "incident" might see delays.
A National Crime Agency spokesperson said it was "aware of an incident impacting Royal Mail" and was working alongside the National Cyber Security Centre - which is part of the UK's cyber intelligence agency GCHQ - to understand its impact.
The back office system that has been affected is used by Royal Mail to prepare mail for despatch abroad, and to track and trace overseas items.
It is in use at six sites, including Royal Mail's huge Heathrow distribution centre in Slough, as well as its Bristol site.
Royal Mail has faced a number of hurdles in recent months including delivery delays as postal workers strike over pay and conditions.