Reports suggest that the UK’s Royal Mail has refused to pay its $80m ransom to cybercriminals LockBit

Ransomware group LockBit has demanded $80m (£65m) from Royal Mail after the hackers hit Britain’s postal and delivery service with a targeted cyber incident on 11 January 2023.

The incident caused disruption to Royal Mail’s ability to process items sent internationally.

The details of the ransomware negotiations between the hackers and Royal Mail have ended up in the public domain via a leak – this is a rare occurrence, according to GlobalData’s David Bicknell, principal analyst in the thematic intelligence team.

He said: “No-one will reasonably expect a company board to authorise a ransom payment of [£65m], unless the accountants said it was necessary to safeguard the business’s future.

“Boards must understand that ransomware could be a potential wrecking ball to their business.

“The time to develop an anti-ransomware strategy and enlist the help of cyber experts is before an attack happens.”

Ongoing investigation

Bicknell explained that LockBit demanded a ransom figure Royal Mail “could not countenance paying”.

A Royal Mail spokesperson said: “As there is an ongoing investigation, law enforcement has advised that it would be inappropriate to make any further comment on this incident.”

Bicknell added: “Those responsible for company cyber breach plans must learn lessons from them.

“Instead of negotiations being opaque, companies now have an unexpected insight into how ransomware groups’ minds work and how a negotiation might play out. They can also plan for the extent of a ransomware demand.”