Royal Mail Refuses To Pay LockBit Ransom Demand

Royal Mail has refused to pay hackers the £66m they have been demanded by LockBit, the Russia-linked cyber hacking gang. LockBit has published what it claims is the full transcript of its negotiations with Royal Mail for a £66m ($80m) ransom payment. 

The hackers had threatened to publish all stolen data on February 9th if their demands were not met which suggests that this is the day that negotiations between LockBit and Royal Mail came to an end. These chat logs are the first data to be published by LockBit following the attack, which left the British postal service unable to dispatch many items overseas.

The logs show the Royal Mail negotiators trying to explain to the LockBit ransomware negotiators that they do not have the money and cannot possibly pay the enormous ransom demanded.  Extracts include chat logs from a separate extortion attempt where the Conti ransomware gang had demanded $60 million from a US public school district.

In this case, the negotiator claims that they are only a subsidiary of Royal Mail and that an $80 million ransom is an “absurd” amount.  

“As we informed you, we have a response from our board to provide you. Under no circumstances will we pay you the absurd amount of money you have demanded... We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says the Log

LockBit subsequently reduced the demand, but not more than they apparently usually discount during negotiations.

According to Simon West, Cyber Advisory Lead at Resilience "It is absolutely vital that as these sorts of attacks continue to increase, the preparation of executive teams on ransomware scenarios, actionable security controls focused on maintaining business operations, and the financial coverage to help with a recovery are all key factors in building resilience against an extortion attempt, will become a core, business critical function of any well run company."

This latest development in the Royal Mail cyber attack comes just days after LockBit made a ransomware attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes.

Keiron Holyome, VP UKI and emerging markets at BlackBerry commented “We have recently seen a growing trend in companies refusing to pay ransoms following cyber attacks. It is encouraging to see this looking set to continue... it remains absolutely critical that organisations focus efforts on identifying any gaps in their security posture, and apply additional cybersecurity defences, to ensure they are fit to stop incidents if they happen"

The British postal delivery service continues to experience service disruption due to the cyber attack, more than a month later. 

In an update dated February 14, Royal Mail said that while it has made progress, international services were reinstated to all destinations for purchase online, it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.

Royal Mail Chat:    ITPro:     DataBreaches:     Techcrunch:    Computer Weeky:    Proactive Investors

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crackdown On Ransomware Criminals
Businesses Need To Prioritise Cybersecurity In 2023 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SSL247

SSL247

SSL247 is Europe's leading Web Security Consultancy Firm. We enjoy long-standing partnerships with Certificate Authorities including Symantec, GlobalSign, Entrust Datacard, Comodo, Thales and Qualys.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Corelight

Corelight

Corelight is the most powerful network visibility solution for information security professionals.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

MagiQ Technologies

MagiQ Technologies

MagiQ produced the world’s first commercial quantum cryptography product that delivered advanced, future-proof network security.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Tech Vedika

Tech Vedika

Tech Vedika has access to technical guidance, training and resources from AWS to successfully undertake solution architecture, application development, application migration, and managed services.

Seal Security

Seal Security

Seal Security revolutionizes software supply chain security operations, empowering organizations to automate and scale their open source vulnerability remediation and patch management.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.

Capzul

Capzul

Capzul are transforming the network security landscape with a new approach; creating virtually impenetrable networks, precluding cybercriminal attacks on your network ecosystem.