‘All we have had is losses’: Royal Mail dismisses ‘absurd’ $80m ransom demand

‘Under no circumstances will we pay that absurd amount,’ delivery firm says, telling hackers it is not the booming company they think

Royal Mail rejected an “absurd” ransom demand for $80m (£67m) from hackers linked to Russia, according to transcripts that offer a rare glimpse into negotiations when companies are hit by a ransomware cyberattack.

The delivery company has been battling a ransomware attack since January, when the LockBit group hacked into its software and blocked international shipments by encrypting files crucial to the company’s operations.

Chat transcripts released on the dark web, apparently by LockBit, show how the two sides traded blows in the negotiation that followed, with Royal Mail fending off increasingly aggressive demands that it was “time to pay”.

Nearly two weeks after the talks began, a LockBit hacker set a ransom of $80m, which they claimed was equal 0.5% of the company’s revenue, in exchange for decrypting the files.

LockBit said this would cost less than the fine that Royal Mail could receive from the Information Commissioner’s Office, if it were to become public that the company had failed to protect its data.

Under EU data protection laws, retained after Brexit, companies can be fined up to 4% of their annual revenue if they lose personal data.

“As long as we haven’t published any of your files, you can’t be fined,” the LockBit hacker said.

“If you can negotiate with us, the government will be left without your $640m.”

Royal Mail’s negotiator pointed out that the hackers appeared to be confusing the parcel service’s revenue with the larger turnover reported by its parent company, International Distribution Services (IDS).

“All we have had is losses. Here, you can read about it yourself,” wrote the Royal Mail negotiator, sending a link to a Guardian article from October that warned of 10,000 potential job cuts and £450m of losses in the struggling letter delivery business, which has been rocked by strikes.

LockBit refused to accept the explanation and accused the company’s negotiator of “bluffing”, speculating that the company’s directors probably held £100m of cryptocurrency personally that could “finish this nightmare”.

But on 28 January, Royal Mail’s board delivered a withering response to the demands.

“Under no circumstances will we pay you the absurd amount of money you have demanded,” the company said.

“We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us.

“This is an amount that could never be taken seriously by our board.”

LockBit responded by saying: “If you want a discount, then make a counter offer, we are here to have constructive negotiations, not for me to give you a discount after every bluff you make […]”

The hacker told the negotiator that another, smaller, UK company had previously paid a ransom and urged Royal Mail’s “very greedy” directors to negotiate a smaller payment.

“If you can give me a lower starting point, I think I may be able to get the board to work with you,” the Royal Mail’s negotiator said before ultimately saying the company was unlikely to pay.

LockBit apparently then published the files on the dark web, with the message: “Royal Mail need [sic] new negotiator.”

A Royal Mail spokesman said: “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident.”

Contributor

Rob Davies

The GuardianTramp

Related Content

Article image
Royal Mail launches Christmas punctuality bonus as losses soar
Postal service renews call to change universal service obligation as its revenues fall

Jasper Jolly and Alex Lawson

16, Nov, 2023 @1:10 PM

Royal Mail halves losses

The Royal Mail has "stopped the rot" by halving its losses last year to £611m and aims to return to profit this year, the company said today.

Agencies

22, May, 2003 @9:37 AM

Article image
Ofcom’s ‘snail mail’ plan isn’t the solution that Royal Mail needs
The regulator’s proposal to slow down deliveries to three days or longer will erode the service almost to the point of surrender

Nils Pratley

24, Jan, 2024 @5:59 PM

Royal Mail stems financial losses

The Royal Mail today reported that trading losses had fallen by a third, indicating a glimmer of a turnaround, although the business is still losing £1.1m a day.

Mark Tran and agencies

14, Nov, 2002 @12:32 PM

Article image
Ofcom hits Royal Mail with a regulatory twig | Nils Pratley
Regulator’s paltry £5.6m fine suggests it is waiting for the company’s universal service obligation to be reformed

Nils Pratley

13, Nov, 2023 @4:39 PM

Article image
Royal Mail ransomware attackers threaten to publish stolen data
Postal service has been unable to send letters and parcels overseas since Wednesday due to hacking

Jasper Jolly

12, Jan, 2023 @10:24 PM

Article image
Royal Mail requests permission to stop Saturday letter delivery
Firm reports £219m half-year losses and asks government to let it move to weekday-only service to cut costs

Mark Sweney

17, Nov, 2022 @2:11 PM

Article image
Royal Mail reports £1bn loss after postal workers’ strikes
Parent company IDS posts loss of £748m as it blames industrial action and failure to increase productivity

Kalyeena Makortoff

18, May, 2023 @1:16 PM

Article image
Royal Mail chief expected to step down within weeks
Simon Thompson has had a turbulent two-year stint at the helm

Gwyn Topham

08, May, 2023 @4:29 PM

Article image
Royal Mail workers begin wave of pre-Christmas strikes
Thousands of striking staff head to Westminster for protest outside parliament over conditions and pay

Mark Sweney

09, Dec, 2022 @9:17 AM