Royal Mail rebuffed a £66m ransom demand from the LockBit ransomware gang, saying “under no circumstances” would it pay “the absurd amount of money” demanded.
Chat logs leaked by LockBit, published on 14 February, detail weeks of in-depth negotiations between LockBit and its victim, which was attacked on 10 January.
A month later, Royal Mail cannot provide a complete international postal service, although it has been steadily bringing parts of its operation online.
On 28 January, the logs show Royal Mail’s negotiator telling LockBit’s representative: “We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board.”
On 1 February, the logs show LockBit’s representative offered a 12.5 per cent discount, which would have dropped the ransom demand to approximately £47.1 million.
At this point, LockBit’s representative appears to have grown increasingly frustrated with Royal Mail’s negotiator, berating them for taking their time in responding, and asking them why they had “such a long chain of middlemen” and why they could not just talk directly to management. They also told Royal Mail that “journalists are asking me why I haven’t published your information… they really want to see your files”.
The gang sent its final messages between 7 and 9 February, stating that the data was “ready to be published” and the decryptor was “ready to be deleted”, before asking, “Do you have any offer for me?” at which point the conversation cuts off.
