Royal Mail dismisses a ransom demand of $80 million (£67 million) from Russian hackers, as per the transcript, offering a rare glimpse of negotiation as companies fall victim to ransomware cyberattacks.
Since January, the courier service company has been battling a ransomware attack as the LockBitgroup hacked into the software, blocking international shipment details by encrypting crucial files.
The chat transcript released revealed how the Royal Mail was combating the negotiation with LockBit, which was getting more and more aggressive as their demands were blown off.
LockBit suggested paying a ransom of $80 million to them, as it is only 0.5% of the total company’s revenue and is far less than the fee that would be imposed by the Information Commissioner’s Office for failing to protect its data.
As per the EU data protection law that was retained after Brexit, the courier company would be fined 4% of its annual revenue for losing personal data.
“As long as we haven’t published any of your files, you can’t be fined,” the LockBit hacker stated.
“If you can negotiate with us, the government will be left without your $640 million.”
According to the Royal Mail’s negotiator, the hackers appear to be confusing courier service revenue with that of its parent company, International Distribution Services (IDS).
The Royal Mail negotiator wrote that “All we have had is losses. Here, you can read about it yourself,” per the link supplied in October, which disclosed the warning about potential 10,000 job cutbacks and £450 million in losses in the faltering letter delivery industry, which has been hampered by strikes.
LockBit dismissed this explanation and thought that the Royal Mail is bluffing, suggesting further that the company’s director is probably holding £100 million in cryptocurrency and they could end this nightmare quickly if they were to comply with the ransom demand.
Royal Mail’s board sent a sneering response to the demands on January 28.
“Under no circumstances will we pay you the absurd amount of money you have demanded,” the company stated.
“We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us.”
“This is an amount that could never be taken seriously by our board.”
LockBit’s response was: “If you want a discount, then make a counter offer, we are here to have constructive negotiations, not for me to give you a discount after every bluff you make […]”
The hacker conveyed to the negotiator that previously a small UK company managed to pay their ransom, and advocated for the Royal Mail’s “very greedy” directors to broker smaller payments.
“If you can give me a lower starting point, I think I may be able to get the board to work with you,” the Royal Mail’s negotiator stated, and finally declined to pay any of the ransom
LockBit then uploaded the transcript on the dark web, with the message: “Royal Mail need [sic] new negotiator.”
A Royal Mail spokesman stated: “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident.”
- Published By Team Timeswire