Royal Mail Refuses To Pay LockBit Ransom Demand

Royal Mail has refused to pay hackers the £66m they have been demanded by LockBit, the Russia-linked cyber hacking gang. LockBit has published what it claims is the full transcript of its negotiations with Royal Mail for a £66m ($80m) ransom payment. 

The hackers had threatened to publish all stolen data on February 9th if their demands were not met which suggests that this is the day that negotiations between LockBit and Royal Mail came to an end. These chat logs are the first data to be published by LockBit following the attack, which left the British postal service unable to dispatch many items overseas.

The logs show the Royal Mail negotiators trying to explain to the LockBit ransomware negotiators that they do not have the money and cannot possibly pay the enormous ransom demanded.  Extracts include chat logs from a separate extortion attempt where the Conti ransomware gang had demanded $60 million from a US public school district.

In this case, the negotiator claims that they are only a subsidiary of Royal Mail and that an $80 million ransom is an “absurd” amount.  

“As we informed you, we have a response from our board to provide you. Under no circumstances will we pay you the absurd amount of money you have demanded... We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says the Log

LockBit subsequently reduced the demand, but not more than they apparently usually discount during negotiations.

According to Simon West, Cyber Advisory Lead at Resilience "It is absolutely vital that as these sorts of attacks continue to increase, the preparation of executive teams on ransomware scenarios, actionable security controls focused on maintaining business operations, and the financial coverage to help with a recovery are all key factors in building resilience against an extortion attempt, will become a core, business critical function of any well run company."

This latest development in the Royal Mail cyber attack comes just days after LockBit made a ransomware attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes.

Keiron Holyome, VP UKI and emerging markets at BlackBerry commented “We have recently seen a growing trend in companies refusing to pay ransoms following cyber attacks. It is encouraging to see this looking set to continue... it remains absolutely critical that organisations focus efforts on identifying any gaps in their security posture, and apply additional cybersecurity defences, to ensure they are fit to stop incidents if they happen"

The British postal delivery service continues to experience service disruption due to the cyber attack, more than a month later. 

In an update dated February 14, Royal Mail said that while it has made progress, international services were reinstated to all destinations for purchase online, it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.

Royal Mail Chat:    ITPro:     DataBreaches:     Techcrunch:    Computer Weeky:    Proactive Investors

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crackdown On Ransomware Criminals
Businesses Need To Prioritise Cybersecurity In 2023 »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MetaCompliance

MetaCompliance

MetaCompliance is a cyber security and compliance organisation that helps transform your company culture and safeguard your data and values.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Cypago

Cypago

Cypago provides a powerful yet easy-to-use Compliance Orchestration Platform to automate the compliance process end-to-end.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.

AuthX

AuthX

AuthX provides secure and seamless log-in capabilities through strong authentication and integrations.

Token

Token

Token is changing the way our customers secure their organizations by providing passwordless, biometric, multifactor authentication.

Meta 1st

Meta 1st

Meta 1st are a progressive SAAS enterprise, dedicated to harnessing the power of AI to address the most critical vulnerabilities in the world of cybersecurity: the Human Layer.

Emergence Insurance

Emergence Insurance

Emergence is an insurance underwriting agency, focused on providing insurance solutions to help protect businesses and families against their cyber risks.