Threat Intel

Last update we had was when LockBit released a transcript of a chat alleged to be between LockBit and the RoyalMail ransomware negotiator.

Thanks to Domonic far tagging me, we can see an update has occurred on the LB site:

Today (22/02/2023) LockBit have posted the following:

Lockbit leak site

“Last chance to prevent leaks of royal information. We are ready to make a discount, remove the stolen information and provide a decryptor for 40 million dollars. There will be no more delays, after the timer expires all the data will be released.


Lockbit leak site

What occurs next we shall have to see, but I have a hunch, as I’ve said before that RM will NOT pay… we shall however have to see what develops. Ransomware events are not nice, they terrorize victims, they cause stress for people and largely my advice would be, avoid paying…. it is however a business decision and I’m not here to tell people what or what not to do. I will however say, you can break kill chains and you can invest in backup and recovery capabilities so to be in a position where payment is even considered, a lot of things have had to go wrong!