The Royal Mail, which is still experiencing complications as a result of last month's cyberattack, has revealed what the LockBit ransomware gang claims to be the detailed transcript of its negotiations with Royal Mail.
According to reports, Royal Mail rejected an $80 million (£66 million) ransom demand from the LockBit ransomware gang, declaring that it would "under no circumstances" pay the "absurd amount of money" demanded.
This refers to what appear to be chat logs disclosed by LockBit and published on February 14, documenting weeks of thorough negotiations between LockBit and its victim, which was attacked on January 10.
The ransom negotiation chat logs are apparently the first pieces of information LockBit has released following the cyberattack on Royal Mail, which halted the British postal service from sending certain products overseas. This is in spite of earlier threats by the ransomware group, which has ties to Russia, to expose all stolen data on February 9.
The records seem to indicate that this was the last day of negotiations between LockBit and Royal Mail. Screenshots from LockBit's dark web leak site, reviewed by TechCrunch, reveal that talks started on January 12, two days after the U.K. postal company acknowledged that it had been compromised.
If the chat logs are legitimate, they indicate that LockBit demanded a grand total of $80 million as a ransom payment, which equals 0.5% of Royal Mail’s annual revenue. The negotiator for Royal Mail appeared to inform LockBit that the company would not comply with the demand and that they had mistaken Royal Mail International for Royal Mail.
“Under no circumstances will we pay you the absurd amount of money you have demanded […] We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board,” says Royal Mail’s negotiator (anonymous) to a LockBit representative.
The ransom demand was reportedly then reduced by LockBit to $70 million on February 1.
The UK’s National Cyber Security Centre, which is investigating the Royal Mail incident, has long urged the company against paying the ransom demand, since this “does not reduce the risk to individuals, is not an obligation under data protection law, and is not considered as a reasonable step to safeguard data.” Additionally, the FBI advises victims to take precautions such as data backups rather than complying with extortion demands.
When approached, Royal Mail did not dispute the legitimacy of the chat records, but it declined to answer certain questions. “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident,” said a Royal Mail spokesperson, who declined to provide their name.
Royal Mail's next steps remain unclear. Since the negotiations between the company and LockBit appear to have failed, the company could soon face larger fallout if the stolen data is published online. LockBit’s dark web leak site currently states that “all available data” has been published, although it is unavailable to view.
More than a month after the cyberattack, the postal giant continues to face disruption to its services. According to a company update dated February 14, despite advances (international services were resumed to all destinations for online purchases), the company is still unable to process new Royal Mail parcels and large letters requiring a customs declaration bought at Post Office branches.