The LockBit ransomware gang has revealed what it claims is the total transcript of its negotiations with Royal Mail, which continues to expertise disruption resulting from final month’s cyberattack.
The chat logs negotiating the ransom is the primary information that LockBit has revealed following the cyberattack on Royal Mail, which left the British postal service unable to dispatch sure objects abroad. That is regardless of the Russia-linked ransomware gang’s earlier threats to publish all stolen information on February 9. The logs seem to recommend that that is the day that negotiations between LockBit and Royal Mail got here to an finish.
Screenshots posted to LockBit’s darkish net leak website, seen by TechCrunch, present that negotiations started on January 12, two days after the U.Ok. postal large confirmed it had been compromised.
The chat logs, if genuine, present that LockBit demanded an $80 million ransom fee, which it calculated to be 0.5% of Royal Mail’s annual income. Royal Mail’s negotiator seems to inform LockBit that they’ve confused Royal Mail Worldwide with Royal Mail and that the group wouldn’t pay the demand.
“Certainly not will we pay you the absurd amount of cash you’ve gotten demanded,” says Royal Mail’s unnamed negotiator, in keeping with the screenshots posted by LockBit. “We’ve got repeatedly tried to elucidate to you we’re not the big entity you’ve gotten assumed we’re, however reasonably a smaller subsidiary with out the assets you suppose we’ve got. However you proceed to refuse to hearken to us. That is an quantity that would by no means be taken critically by our board.”
LockBit apparently then provided a decrease ransom sum, dropping the determine to $70 million on February 1.
The U.Ok.’s Nationwide Cyber Safety Centre, which is working with Royal Mail to research the breach, has lengthy suggested that organizations mustn’t pay ransom calls for, as this “doesn’t scale back the danger to people, just isn’t an obligation beneath information safety legislation, and isn’t thought-about as an affordable step to safeguard information.” The FBI additionally recommends that victims not pay ransom calls for and as an alternative take steps to preventatively backup information.
Royal Mail didn’t dispute the legitimacy of the chat logs when approached by TechCrunch, however declined to reply our questions. “As there’s an ongoing investigation, legislation enforcement has suggested that it will be inappropriate to make any additional touch upon this incident,” mentioned a Royal Mail spokesperson, who declined to supply their title.
Royal Mail’s subsequent steps stay unclear. As negotiations between the corporate and LockBit seem to have failed, for now no less than, the corporate might quickly be battling a bigger fallout if stolen information is revealed on-line. LockBit’s darkish net leak website at present says that “all out there information” has been revealed, however this isn’t but out there to view.
The postal large additionally continues to expertise service disruption because of the cyberattack, greater than a month later. In an replace dated February 14, the corporate mentioned that whereas it has made progress — worldwide companies had been reinstated to all locations for buy on-line — it’s nonetheless unable to course of new Royal Mail parcels and huge letters requiring a customs declaration bought by Publish Workplace branches.
