Royal Mail Refuses To Pay LockBit Ransom Demand

Royal Mail has refused to pay hackers the £66m they have been demanded by LockBit, the Russia-linked cyber hacking gang. LockBit has published what it claims is the full transcript of its negotiations with Royal Mail for a £66m ($80m) ransom payment. 

The hackers had threatened to publish all stolen data on February 9th if their demands were not met which suggests that this is the day that negotiations between LockBit and Royal Mail came to an end. These chat logs are the first data to be published by LockBit following the attack, which left the British postal service unable to dispatch many items overseas.

The logs show the Royal Mail negotiators trying to explain to the LockBit ransomware negotiators that they do not have the money and cannot possibly pay the enormous ransom demanded.  Extracts include chat logs from a separate extortion attempt where the Conti ransomware gang had demanded $60 million from a US public school district.

In this case, the negotiator claims that they are only a subsidiary of Royal Mail and that an $80 million ransom is an “absurd” amount.  

“As we informed you, we have a response from our board to provide you. Under no circumstances will we pay you the absurd amount of money you have demanded... We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says the Log

LockBit subsequently reduced the demand, but not more than they apparently usually discount during negotiations.

According to Simon West, Cyber Advisory Lead at Resilience "It is absolutely vital that as these sorts of attacks continue to increase, the preparation of executive teams on ransomware scenarios, actionable security controls focused on maintaining business operations, and the financial coverage to help with a recovery are all key factors in building resilience against an extortion attempt, will become a core, business critical function of any well run company."

This latest development in the Royal Mail cyber attack comes just days after LockBit made a ransomware attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes.

Keiron Holyome, VP UKI and emerging markets at BlackBerry commented “We have recently seen a growing trend in companies refusing to pay ransoms following cyber attacks. It is encouraging to see this looking set to continue... it remains absolutely critical that organisations focus efforts on identifying any gaps in their security posture, and apply additional cybersecurity defences, to ensure they are fit to stop incidents if they happen"

The British postal delivery service continues to experience service disruption due to the cyber attack, more than a month later. 

In an update dated February 14, Royal Mail said that while it has made progress, international services were reinstated to all destinations for purchase online, it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.

Royal Mail Chat:    ITPro:     DataBreaches:     Techcrunch:    Computer Weeky:    Proactive Investors

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crackdown On Ransomware Criminals
Businesses Need To Prioritise Cybersecurity In 2023 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CEPS

CEPS

CEPS is a leading think tank and forum for debate on EU affairs, ranking among the top think tanks in Europe. Topic areas include Innovation, Digital economy and Cyber-security.

Teradata

Teradata

Teradata is a leading provider of enterprise big data analytics and services. Applications include Cyber Security Analytics.

Mi-Token

Mi-Token

Mi-Token is an advanced two-factor authentication solution that offers unparalleled security, flexibility, cost-effectiveness and ease of use.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

Cybernance

Cybernance

Cybernance provide an enterprise-wide, web-based software solution for managing and mitigating cyber risk based on key compliance frameworks.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

Vuntie

Vuntie

Vuntie blend European craftsmanship, performance and open-source technology to deliver cybersecurity services including penetration testing, incident response, training and consultancy.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

Drootoo

Drootoo

Drootoo is transforming businesses and making them high performing entities with its unified cloud platform.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Jitsuin

Jitsuin

Jitsuin enables developers with tools and services to build verifiable digital trust between organizations.

Data Protection Commission (DPC)

Data Protection Commission (DPC)

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.