The incident has wreaked havoc on international mail services since early January, and continues to be an issue. The most persuasive negotiation tack taken by the LockBit ransomware gang was likely a demonstration of the file decryptor unlocking a sampling of the organization’s encrypted files. These functions are vulnerable to the same kinds of manipulation that cybercriminals perpetrate on their victims.”

Outrageous ransom demand refused despite international shipping chaos

It’s easy to forget that while cybercrime and ransomware operators present to most as shadowy, opaque entities out on the internet, they are comprised of and run by people, and include far more familiar functions like customer support and accounts receivable.

The hackers pitched the idea of the ransom demand being a means of keeping the incident quiet and thus avoiding a UK ICO penalty, but Royal Mail indicated that the government was already aware of the incident.

Casey Ellis, Founder and CTO at Bugcrowd, notes that it is quite rare for ransomware gangs to leak negotiation communications and that this provides some unique insights into how they pressure victims over an extended period: “Presuming the logs are authentic, it’s a fascinating set of insights into the process and personalities involved in ransomware for those who’ve not seen it before.

The LockBit ransomware gang also attempted to threaten Royal Mail with the prospect of a data breach fine from their government, which the spokesperson also responded to incredulously. Time will tell if more Royal Mail documents appear on the gang’s dark web leaks site. The group has not yet released anything else, raising questions as to whether it actually exfiltrated anything of value prior to locking up the organization’s servers. The LockBit ransomware gang had previously threatened to begin leaking stolen data on February 9, but the negotiation log was released on February 14 and is the first such item to appear.
The leaked chat logs show that the sides began negotiating over the ransom demand on January 12, two days after Royal Mail publicly reported being compromised. Believing that they had access to the full resources of International Distributions Services, the LockBit ransomware gang made a ransom demand that would likely bankrupt any of the international subsidiaries by eating up entire months of their revenue. International Distributions Services PLC is the parent company of Royal Mail and subsidiaries such as Parcelforce Worldwide and GLS that handle international parcel deliveries as part of the Royal Mail International division.

LockBit ransomware hits international mail division, hackers don’t understand subsidiary structure

The attackers apparently hit upon the $80 million total by calculating 0.5% of Royal Mail’s total annual revenue, but even $70 million would eat up nearly all of the quarterly profit of some of the subsidiary groups that handle international parcels. The chat logs show a flustered Royal Mail International representative attempting to explain to the attackers that it is a smaller subsidiary that does not have access to tens of millions of pounds for ransom payments. The leak comes as part of a gradual document dump by the LockBit ransomware group, meant to pressure the UK’s leading mail service into making a payment.