The LockBit ransomware attack on Royal Mail International in the UK caused notable outage and delay.
This incident was reasonably high profile, and, as well as the breached dataset, the TAs released the negotiation transcript which we found very interesting and so decided to perform an analysis of it.
Key findings of our analysis:
The RMI negotiators appear to be lacking knowledge in formal techniques of negotiation.
Potential information about both sides is revealed in the posts, apparently unwittingly.
Several negotiators appear to have been involved from both sides.
Antagonism of the TAs appears to be unplanned and potentially ill-considered.
Upon researching outside of our specific analysis, we learned that many providers of ransomware negotiation services, whilst experienced to some degree through previous ransomware interactions, are not formally trained and those who appoint them, perhaps initially driven by need and a lack of choice, have not enquired as to the background and knowledge in negotiation techniques.
This practice exposes a significant risk that negotiations will not be conducted with the best outcome for the victim, could result in early release of breached data and it may even unnecessarily expose victims to further attack by antagonised TAs.
The STORM TAE negotiation team are different in this key regard, with decades of knowledge and with formal training in the discipline.
Download the report
We hope you find our report interesting reading and would welcome any feedback.
As always, we stand ready to assist your team should you need our expertise.
The report is available from our secure download site here
Let's talk
If you would like to discuss any of the issues addressed in this article or would like to find out more about STORM, you can reach us at: contact@stormguidance.com.