Royal Mail Refuses To Pay LockBit Ransom Demand

Royal Mail has refused to pay hackers the £66m they have been demanded by LockBit, the Russia-linked cyber hacking gang. LockBit has published what it claims is the full transcript of its negotiations with Royal Mail for a £66m ($80m) ransom payment. 

The hackers had threatened to publish all stolen data on February 9th if their demands were not met which suggests that this is the day that negotiations between LockBit and Royal Mail came to an end. These chat logs are the first data to be published by LockBit following the attack, which left the British postal service unable to dispatch many items overseas.

The logs show the Royal Mail negotiators trying to explain to the LockBit ransomware negotiators that they do not have the money and cannot possibly pay the enormous ransom demanded.  Extracts include chat logs from a separate extortion attempt where the Conti ransomware gang had demanded $60 million from a US public school district.

In this case, the negotiator claims that they are only a subsidiary of Royal Mail and that an $80 million ransom is an “absurd” amount.  

“As we informed you, we have a response from our board to provide you. Under no circumstances will we pay you the absurd amount of money you have demanded... We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says the Log

LockBit subsequently reduced the demand, but not more than they apparently usually discount during negotiations.

According to Simon West, Cyber Advisory Lead at Resilience "It is absolutely vital that as these sorts of attacks continue to increase, the preparation of executive teams on ransomware scenarios, actionable security controls focused on maintaining business operations, and the financial coverage to help with a recovery are all key factors in building resilience against an extortion attempt, will become a core, business critical function of any well run company."

This latest development in the Royal Mail cyber attack comes just days after LockBit made a ransomware attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes.

Keiron Holyome, VP UKI and emerging markets at BlackBerry commented “We have recently seen a growing trend in companies refusing to pay ransoms following cyber attacks. It is encouraging to see this looking set to continue... it remains absolutely critical that organisations focus efforts on identifying any gaps in their security posture, and apply additional cybersecurity defences, to ensure they are fit to stop incidents if they happen"

The British postal delivery service continues to experience service disruption due to the cyber attack, more than a month later. 

In an update dated February 14, Royal Mail said that while it has made progress, international services were reinstated to all destinations for purchase online, it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.

Royal Mail Chat:    ITPro:     DataBreaches:     Techcrunch:    Computer Weeky:    Proactive Investors

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Crackdown On Ransomware Criminals
Businesses Need To Prioritise Cybersecurity In 2023 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

SolarWinds

SolarWinds

SolarWinds as a worldwide leader in solutions for network and IT service management, application performance, and managed services.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

EG-CERT

EG-CERT

EG-CERT is the national Computer Emergency Response Team for Egypt.

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

Boldon James

Boldon James

Boldon James are market leaders in data classification and secure messaging software.

Grupo CFI

Grupo CFI

Grupo CFI is the largest Spanish network of data protection and cybersecurity professionals.

AimBrain

AimBrain

AimBrain tools detect and prevent fraud, faster and more accurately than ever before.

Riskaware

Riskaware

CyberAware, by Riskaware, provides business-critical cyber attack analysis and impact assessments using NIST standards aligned with NCSC guidance.

Glocomp Systems

Glocomp Systems

Glocomp Systems is one of Malaysia’s premier ICT infrastructure distributor offering a comprehensive portfolio of solutions including cybersecurity and privacy.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Flexxon

Flexxon

Flexxon is the industry leader to develop NAND flash storage devices. Our key focus is to innovate memory devices ensuring data security and reliability.

The Cyber Guild

The Cyber Guild

The Cyber Guild is a not-for-profit organization working to improve the understanding and practice of cybersecurity, and to help raise awareness and education for all.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

Pango

Pango

Pango is a leading provider of digital consumer security solutions.

London AI Safety Research (LASR)

London AI Safety Research (LASR)

London AI Safety Research Labs is a technical AI Safety research programme focussed on reducing the risk of loss of control to advanced AI.

Novera

Novera

Novera offer security assessment and advisory services to help businesses manage risks from AI, cyber and privacy.