Royal Mail Refuses To Pay LockBit Ransom Demand

Uploaded on 2023-02-15 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Royal Mail has refused to pay hackers the £66m they have been demanded by LockBit, the Russia-linked cyber hacking gang. LockBit has published what it claims is the full transcript of its negotiations with Royal Mail for a £66m ($80m) ransom payment. 

The hackers had threatened to publish all stolen data on February 9th if their demands were not met which suggests that this is the day that negotiations between LockBit and Royal Mail came to an end. These chat logs are the first data to be published by LockBit following the attack, which left the British postal service unable to dispatch many items overseas.

The logs show the Royal Mail negotiators trying to explain to the LockBit ransomware negotiators that they do not have the money and cannot possibly pay the enormous ransom demanded.  Extracts include chat logs from a separate extortion attempt where the Conti ransomware gang had demanded $60 million from a US public school district.

In this case, the negotiator claims that they are only a subsidiary of Royal Mail and that an $80 million ransom is an “absurd” amount.  

“As we informed you, we have a response from our board to provide you. Under no circumstances will we pay you the absurd amount of money you have demanded... We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says the Log

LockBit subsequently reduced the demand, but not more than they apparently usually discount during negotiations.

According to Simon West, Cyber Advisory Lead at Resilience "It is absolutely vital that as these sorts of attacks continue to increase, the preparation of executive teams on ransomware scenarios, actionable security controls focused on maintaining business operations, and the financial coverage to help with a recovery are all key factors in building resilience against an extortion attempt, will become a core, business critical function of any well run company."

This latest development in the Royal Mail cyber attack comes just days after LockBit made a ransomware attack on Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes.

Keiron Holyome, VP UKI and emerging markets at BlackBerry commented “We have recently seen a growing trend in companies refusing to pay ransoms following cyber attacks. It is encouraging to see this looking set to continue... it remains absolutely critical that organisations focus efforts on identifying any gaps in their security posture, and apply additional cybersecurity defences, to ensure they are fit to stop incidents if they happen"

The British postal delivery service continues to experience service disruption due to the cyber attack, more than a month later. 

In an update dated February 14, Royal Mail said that while it has made progress, international services were reinstated to all destinations for purchase online, it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.

Royal Mail Chat:    ITPro:     DataBreaches:     Techcrunch:    Computer Weeky:    Proactive Investors

You Might Also Read: 

Negotiating Ransom: To Pay Or Not?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Crackdown On Ransomware Criminals
Businesses Need To Prioritise Cybersecurity In 2023 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CDNetworks

CDNetworks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

We Watch Your Website

We Watch Your Website

We Watch Your Website provide website monitoring, protection, malware removal and root cause analysis services to help you keep your website secure.

PhishLine

PhishLine

PhishLine helps Information Security Professionals meet and overcome the increasing challenges associated with social engineering and phishing.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

APERIO

APERIO

APERIO, the global leader in industrial data integrity, helps its customers drive profitability and sustainability while mitigating risk in their industrial operations.

BetaDen

BetaDen

BetaDen provides a revolutionary platform for businesses to develop next-generation technology, such as the internet of things and industry 4.0.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

HP Wolf Security

HP Wolf Security

HP Wolf Security protects your organization and devices from cyberattacks no matter where, when or how you work.

Q-Bird

Q-Bird

Q*Bird's mission is to provide equipment for the current, and future European quantum internet.

SOC-E

SOC-E

SOC-E is a leading technology provider for high-availability and deterministic networking, sub-microsecond synchronization and cybersecurity solutions for critical sectors.