Royal Mail cyber-attack: Why ransomware is a risk for every business


Cybercrime is notoriously ruthless, and it’s claimed that hackers demanded an eye-watering £66million from Royal Mail, in exchange for decrypting stolen files. The information comes from leaked transcripts, which allegedly reveal negotiations between hackers and a negotiator working on behalf of the Royal Mail, after the group’s recent cyber-attack.

Although the Royal Mail hasn’t commented on the veracity of the transcript, the claims nevertheless highlight the sinister world of cyber-crime. For anyone not in the know, ransomware is a type of malware that steals or encrypts data, so it can no longer be accessed. Criminals then demand a ransom in return for the data.

A big problem for businesses

Whether or not the transcripts involving the Royal Mail are genuine, one thing is certain – ransomware attacks are becoming an increasingly big problem for all businesses. Last year, a report by security company Acronis predicted that global ransomware damages are expected to exceed $30billion in 2023. Now, IT expert Andrew James tells the Business Cyber Centre that firms of all sizes are at risk.

Andrew, who is Head of Business Development at IT support firm Mintivo, says, “Business owners might read about high profile ransomware attacks and think ‘I don’t have deep pockets, I won’t be of interest to hackers.’ But they underestimate the value they hold for cyber-criminals.”

Andrew adds that a ransomware attack can be devastating for a business. “It can cause huge financial losses and reputational damage,” he explains. “Plus, if you don’t have access to your data you can’t trade. Livelihoods can be seriously affected and businesses can go under.”

Weeks of disruption

At Royal Mail, the January cyber-attack led to weeks of disruption for the group’s overseas postal service. It also caused chaos for many small business owners, who are reliant on using the service to send goods abroad.

According to reports, Royal Mail rejected the “absurd” ransom demand, and Andrew adds that business are strongly recommended not to pay cyber-criminals.

“The recommended practice is to not pay a ransom and to restore your data from a backup – paying up is an absolute last resort,” he says. “However, what you’re a small business and you don’t have proper backups and disaster control processes in place? If your data is encrypted by cyber-criminals, you are in effect hamstrung. But even if you did pay the ransom demand, there would be no guarantee that hackers will unlock the data.”

Stringent controls

The key, says Andrew, is to invest in stringent cyber-security systems, whatever the size of your business. “Smaller business definitely under estimate the risk of cyber-crime,” he says. “This may be because they don’t have the necessary advice, or because they see IT as an afterthought. It is quite often seen as costly hassle and frustration but, ultimately, it’s the most important thing to get right.”


Would you like to know more about how to keep your business cyber-secure? Here at the Business Cyber Centre, we can help you turn cyber complexity into cyber confidence. Contact us now for a free, 30-minute consultation.


At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.