Royal Mail rejected an “absurd” ransom demand for $80m (£67m) from hackers linked to Russia, according to transcripts that offer a rare glimpse into negotiations when companies are hit by a ransomware cyberattack.
The delivery company has been battling a ransomware attack since January, when the LockBit group hacked into its software and blocked international shipments by encrypting files crucial to the company’s operations.
Chat transcripts released on the dark web, apparently by LockBit, show how the two sides traded blows in the negotiation that followed, with Royal Mail fending off increasingly aggressive demands that it was “time to pay”.
Nearly two weeks after the talks began, a LockBit hacker set a ransom of $80m, which they claimed was equal to 0.5% of the company’s revenue, in exchange for decrypting the files.
LockBit said this would cost less than the fine that Royal Mail could receive from the Information Commissioner’s Office, if it were to become public that the company had failed to protect its data.
Under the UK GDPR, the EU data protection regime retained in UK law after Brexit, regulators can fine companies up to 4% of their annual global turnover for serious breaches of their data-protection obligations, including failing to protect personal data.
“As long as we haven’t published any of your files, you can’t be fined,” the LockBit hacker said.
“If you can negotiate with us, the government will be left without your $640m.”
Royal Mail’s negotiator pointed out that the hackers appeared to be confusing the parcel service’s revenue with the larger turnover reported by its parent company, International Distribution Services (IDS).
“All we have had is losses. Here, you can read about it yourself,” wrote the Royal Mail negotiator, sending a link to a Guardian article from October that warned of 10,000 potential job cuts and £450m of losses in the struggling letter delivery business, which has been rocked by strikes.
LockBit refused to accept the explanation and accused the company’s negotiator of “bluffing”, speculating that the company’s directors probably held £100m of cryptocurrency personally that could “finish this nightmare”.
But on 28 January, Royal Mail’s board delivered a withering response to the demands.
“Under no circumstances will we pay you the absurd amount of money you have demanded,” the company said.
“We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us.
“This is an amount that could never be taken seriously by our board.”
LockBit responded by saying: “If you want a discount, then make a counter offer, we are here to have constructive negotiations, not for me to give you a discount after every bluff you make […]”
The hacker told the negotiator that another, smaller UK company had previously paid a ransom and urged Royal Mail’s “very greedy” directors to negotiate a smaller payment.
“If you can give me a lower starting point, I think I may be able to get the board to work with you,” Royal Mail’s negotiator said, before ultimately saying the company was unlikely to pay.
LockBit apparently then published the files on the dark web, with the message: “Royal Mail need [sic] new negotiator.”
A Royal Mail spokesman said: “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident.”