LockBit leaks Royal Mail's data, renews ransom demand


Most of the leaked data is made up of technical program files and administrative business data, according to Royal Mail

The LockBit ransomware gang, which exfiltrated a significant amount of data from Royal Mail's IT systems, has leaked some of the data and has also set a new ransom demand of £33 million.

Previously, LockBit had demanded a staggering £66 million, which Royal Mail deemed unreasonable and rejected.

The group then lowered its demand to approximately £47 million before making its most recent demand of £33 million.

LockBit has now published a 7-Zip file, 44GB in size, containing leaked data.

A plaintext document listing the file's contents has also been made available.

According to IT Pro, an initial analysis of the leaked documents indicates that there are several sensitive files relating to different parts of the business.

Among the thousands of leaked files, there appears to be an HR record for an employee that includes details of their first, second and third disciplinary warnings, as well as their eventual dismissal.

In addition, there are files that contain salary and overtime payment information for multiple employees, including their full names.

There is also a file related to the network layout, and several files related to contracts with third-party companies.

"Royal Mail is aware that an unauthorised third party has published some data allegedly obtained from our network," the company said in a statement.

"The cyber incident impacted a system concerned with shipping mail overseas.

"At this stage of the investigation, we believe that the vast majority of this data is made up of technical program files and administrative business data. All of the evidence suggests that this data contains no financial information or other sensitive customer information. We continue to work closely with law enforcement agencies."

According to The Telegraph, Royal Mail has confirmed that personal information for approximately 200 employees was involved in the leak and that those affected have been notified.

The cyberattack on Royal Mail's systems took place in January and resulted in the suspension of international shipping operations.

Earlier this month, LockBit released a log of conversations between their representatives and a negotiator, which included discussions about the company's revenues and business challenges.

LockBit said its original ransom demand of £65.7 million was equivalent to 0.5% of Royal Mail International's revenue, and suggested that it was a reasonable sum, given that it was less than the cost of a regulatory fine in the UK.

In response, the negotiator disputed the claim, stating that Royal Mail's annual revenue was closer to £800 million.

Royal Mail told LockBit, "Under no circumstances will we pay you the absurd amount of money you have demanded.

"We have repeatedly tried to explain to you we are not the large entity you have assumed we are, but rather a smaller subsidiary without the resources you think we have. But you continue to refuse to listen to us. This is an amount that could never be taken seriously by our board."

LockBit is believed to be primarily based in Russia. The ransomware gang has been observed targeting organisations worldwide, with frequent victims including those in the United States, India and Brazil.

Trend Micro refers to LockBit as "one of the most professional organised criminal gangs in the criminal underground."

It is estimated that LockBit has extorted approximately £82 million from its victims over the past several years.