Following the leak of details of ransom negotiations between the UK’s Royal Mail and ransomware group LockBit, David Bicknell, principal analyst in the Thematic Intelligence team at GlobalData, says other companies should learn some valuable lessons.
“It is rare for the details of ransomware negotiations to find their way into the public domain,” says Bicknell. “Those responsible for company cyber-breach plans must learn lessons from them.
“Instead of negotiations being opaque, companies now have an unexpected insight into how ransomware groups’ minds work and how a negotiation might play out,” he says of the Royal Mail leak. “They can also plan for the extent of a ransomware demand.
“LockBit demanded a ransom figure Royal Mail could not countenance paying,” Bicknell explains. “No-one will reasonably expect a company board to authorise a ransom payment of $80-million, unless the accountants said it was necessary to safeguard the business’s future.
“Boards must understand that ransomware could be a potential wrecking ball to their business,” Bicknell says. “The time to develop an anti-ransomware strategy and enlist the help of cyberexperts is before an attack happens.”