Home / Royal Mail / Royal Mail turned down £66m ransom demand from Lockbit hackers

Royal Mail turned down £66m ransom demand from Lockbit hackers

Ransomware is malicious computer software that encrypts, or scrambles, files on victims’ computers.

The criminals behind the software then demand a ransom in hard-to-trace cryptocurrency as the price for decrypting the files.

A Royal Mail spokesman said: “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident.”

A transcript of an online chat between Lockbit and Royal Mail’s ransom negotiator revealed the full sum demanded by Lockbit from the postal operator to unlock its files.

That sum – $80m, or £66m – was rejected out of hand by Royal Mail, according to a copy of the transcript seen by The Telegraph.

Lockbit said: “$80m is 0.5pc of your revenue, $640m is 4pc of your revenue. We are asking 8 times less than your state. In addition to this price you get a decrypt of your data.”

Royal Mail’s negotiator responded: “Do you really think the government doesn’t already know about this? Even if they were to fine us, paying you or not does not change this.”

One of the Russian-linked criminals made a cynical attempt to menace Royal Mail into paying the ransom by threatening to inform the authorities, saying: “0.5pc of annual global turnover is much less than a 4pc fine from your government.”

The European Union’s General Data Protection Regulation lets governments fine companies 4pc of yearly revenues if personal information is stolen from them by hackers.

GDPR, as the law is known, was retained in UK law after the country’s formal exit from the European Union on 31 January 2020.

“Royal Mail need new negotiator” said the Russian-linked gang on its dark web blog as it dumped the chat data on its dark web blog on Tuesday.

Such a move is very unusual. Brett Callow, a threat analyst with anti-ransomware company Emsisoft, said: “Victims often immediately enter negotiations, whether or not they expect to have to pay. It stalls the release of information and enables them to assess their recovery options.”

He added: “It seems like a very odd strategy. Groups typically want victims to believe that the details of their negotiations will remain private.”

The Telegraph previously disclosed that Lockbit was the gang responsible for attacking the Royal Mail in January. The Russia-linked gang’s members communicate between themselves in Russian. While prolific at attacking Western companies, they avoid targeting organisations based in Russia.

Advanced gangs such as Lockbit also steal copies of sensitive data from their victims and demand an increased ransom in return for a promise not to publish them online.

In previous cases, such data has included names and home addresses of employees as well as digital copies of passports and financial data.

Such information is typically collected by corporate HR departments when employees join a company.

Ransomware gangs have also targeted other British businesses in recent months including car dealership chains Arnold Clark and Pendragon plc.


Source link

About admin

Check Also

Prestwick Airport and Chicago Rockford Airport pen agreement

Bosses at the nationalised airport have signed a joint development agreement with Chicago Rockford International Airport to …

Leave a Reply

Your email address will not be published. Required fields are marked *