The LockBit ransomware group has leaked a log of conversations that occurred between the ransomware operators and a negotiator for the Royal Mail. The leaked conversation shows that LockBit demanded roughly $80 million to safely return data stolen from the company during a cyberattack that occurred in January and disrupted Royal Mail operations for several days. The hacking group claims that the ransom negotiations lasted almost three weeks.
Typically, LockBit will leak the negotiation conversation after the fact, when there is no longer any chance that they will be paid. The leaked conversations serve as a deterrent to future victims, security researchers say. The threat actors in the negotiation tried to convince Royal Mail to pay the ransom using several techniques, such as showing that the decryptor worked for the stolen files, and reducing the ransom amount by roughly $10 million.