The LockBit ransomware gang has published what it claims is the full transcript of its negotiations with Royal Mail, which continues to experience disruption due to last month’s cyberattack.
The chat logs negotiating the ransom is the first data that LockBit has published following the cyberattack on Royal Mail, which left the British postal service unable to dispatch certain items overseas. This is despite the Russia-linked ransomware gang’s earlier threats to publish all stolen data on February 9. The logs appear to suggest that this is the day that negotiations between LockBit and Royal Mail came to an end.
Screenshots posted to LockBit’s dark web leak site, seen by TechCrunch, show that negotiations began on January 12, two days after the U.K. postal giant confirmed it had been compromised.
The chat logs, if authentic, show that LockBit demanded an $80 million ransom payment, which it calculated to be 0.5% of Royal Mail’s annual revenue. Royal Mail’s negotiator appears to tell LockBit that they have confused Royal Mail International with Royal Mail and that the organization would not pay the demand.
“Under no circumstances will we pay you the absurd amount of money you have demanded,” says Royal Mail’s unnamed negotiator, according to the screenshots posted by LockBit. “We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board.”
LockBit apparently then offered a lower ransom sum, dropping the figure to $70 million on February 1.
The U.K.’s National Cyber Security Centre, which is working with Royal Mail to investigate the breach, has long advised that organizations should not pay ransom demands, as this “does not reduce the risk to individuals, is not an obligation under data protection law, and is not considered as a reasonable step to safeguard data.” The FBI also recommends that victims not pay ransom demands and instead take steps to preventatively back up data.
Royal Mail did not dispute the legitimacy of the chat logs when approached by TechCrunch, but declined to answer our questions. “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident,” said a Royal Mail spokesperson, who declined to provide their name.
Royal Mail’s next steps remain unclear. As negotiations between the company and LockBit appear to have failed, for now at least, the company could soon be battling a larger fallout if stolen data is published online. LockBit’s dark web leak site currently says that “all available data” has been published, but this isn’t yet available to view.
The postal giant also continues to experience service disruption due to the cyberattack, more than a month later. In an update dated February 14, the company said that while it has made progress — international services were reinstated to all destinations for purchase online — it’s still unable to process new Royal Mail parcels and large letters requiring a customs declaration purchased through Post Office branches.
Google confirmed it’s putting an end to a feature that allowed users to access playable podcasts directly from the Google Search results in favor of offering podcast recommendations. Officially launched in 2019, the feature surfaced podcasts when they matched a user’s query, including in those cases where a user specifically included the word “podcast” in their search […]
The U.S. government’s cybersecurity agency has warned that criminal financially motivated hackers compromised federal agencies using legitimate remote desktop software. CISA said in a joint advisory with the National Security Agency on Wednesday that it had identified a “widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software” that had targeted multiple […]
Royal Mail CEO Simon Thompson has confirmed that a cyberattack is to blame for the ongoing disruption at the U.K. postal giant. The admission comes almost a week after Royal Mail first said it was hit by an unspecified “cyber incident” that left the British mail service unable to dispatch items to overseas destinations. “We’ve confirmed that we’ve had a […]
Leave a Reply