Ransomware negotiation(s) with Akira
I'm here what do you want?
Hello. You've reached an Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon.
Do you have permission to conduct a negotiation on behalf of your organization?
Yes, I can negotiate but don't have the ability to approve $$ amounts
We will provide all the deal terms during this day. Please be in touch.
These files were taken from your network prior to encryption. You can pick 2-3 random files from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files to our chat and we will upload decrypted copies back. We're looking through your financial papers to come up with a reasonable demand to you. We offer:
1) full decryption assistance;
2) evidence of data removal;
3) security report on vulnerabilities we found;
4) guarantees not to publish or sell your data;
5) guarantees not to attack you in the future.
Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
If we don't get a response within the next 24 hours, we will be forced to announce your corporate data leak on our blog.
I have downloaded the file list and will review it with the team
Meanwhile, we will come up with a fair demand to you.
So, we've gone through your files to define your financial abilities. We've been looking through your bank statements, net income, cyber liability limits, financial audits - all the info that might help us to calculate our demand to you. We're willing to set a $165,000 price for ALL the services we offer:
1) full decryption assistance;
2) evidence of data removal;
3) security report on vulnerabilities we found;
4) guarantees not to publish or sell your data;
5) guarantees not to attack you in the future.
Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
Thanks for the detail. I'm working on getting those 2-3 files to decrypt and should have them tomorrow, but I have to travel in the morning but should have them by the time I land. Talk to you tomorrow
We're standing by, thanks.
[redacted].txt.akira // 26.8 KB
[redacted].xml.akira // 866 Bytes
Sorry for the delay, here are two files. We are working on identifying files from the list to provide us.
We will upload the decrypted copies soon.
[redacted].txt // 26.3 KB
[redacted].xml // 324 Bytes
Got them thanks, I'll have the files we want soon
Here are three files we would like for you to provide.
We will upload the files shortly.
[redacted] Corporation.pdf // 389 KB
Have you reviewed the files?
I'm downloading them now TY for getting these so quick. Let me get these back to the team.
Let us know when you have reviewed the files and are ready to proceed.
I forgot to mention that today and tomorrow are a major holiday in the US and most of leadership is gone till Wednesday. Some of us like me still have to work but can we pick this up Wednesday?
We are well aware of the holiday. Thank you. Yes, you can. But time's ticking.
Hello. We're going to publish your data this week. Thank you.
You can find yourself in our news column: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/ If you want this post to be removed, we have to agree on something.
I see that you did post us on the site, how much time do we have before you publish?
The reason we ask is your demand is too high for us to pay
The publishing will take 1-2 days. Have you managed to gather something to offer us?
Are you saying you're willing to negotiate a lower price then?
It depends on the amount you can offer us at the moment.
We think we can muster about $23K to $25k in short time.
No way. We won't accept anything lower than $100k.
Hmmm, that's still too rich for us, let me see what we can counter offer. Brb
Since you posted us on your shame site, you have already caused damage to us and we have ambulance chasers and clients calling so we can't put the genie back in the bottle. I counter offer with $38K.
You know our price. What you are offering is unacceptable. If you have no intentions to save your data, we will upload it to our blog.
We must have missed a step. We have no need for your decryptor. But we don't want our data posted either if we can afford it, but not at your current demand
I see. We can delete your data for $80,000. Not less. After we are paid, we will provide you with the deletion log file.
We do appreciate your willingness to work with us, we can offer $59K USD. If you agree we can make payment promptly and if you can provide a BTC wallet we can work on getting money moved to pay that wallet
I've discussed with my management. We can accept $75,000. This is final. Do you need our btc wallet?
OK let me confirm with the team brb
Please provide the BTC wallet
We will provide you soon.
How soon can you make a transfer?
I have to clear the wallet id to make sure I can pay it, so I've been told. Then I can give you a better answer, but we're trying for early next week payment
OK, we are getting closer. Here is the agreement
We will pay $75,000 to BTC Wallet [redacted] in exchange for taking us off your website, not publish or share our data with anyone, remove any social media reference about us, delete our data and show us proof you deleted the data, identify how you got into our network and never attack us again
Can you confirm payment was made?
Please provide us with what you agreed to and we can complete this deal
I still see us on your shame site
We will provide you with the report and the deletion log within 24 hours.
Initial access to your network was purchased on the dark web. Spending weeks inside of your network we've managed to detect some fails we highly recommend to eliminate:
1. None of your employees should open suspicious emails, suspicious links or download any files, much less run them on their computer.
2. Use strong passwords, change them as often as possible (1-2 times per month at least). Passwords should not match or be repeated on different resources.
3. Install 2FA wherever possible.
4. Use the latest versions of operating systems, as they are less vulnerable to attacks.
5. Update all software versions.
6. Use antivirus solutions and traffic monitoring tools.
7. Create a jump host for your VPN. Use unique credentials on it that differ from domain one.
8. Use backup software with cloud storage which supports a token key.
9. Instruct your employees as often as possible about online safety precautions. The most vulnerable point is the human factor and the irresponsibility of your employees, system administrators, etc.
We wish you safety, calmness and lots of benefits in the future. Thank you for working with us and your careful attitude to your security. The deletion log is coming later.
Thanks for this, I'll check in later for deletion proof
Sure. We will upload it soon.
Hey, it's been several days since we made payment, can we get this completed today?
Hello. I think we can. I'll try to provide you with the log within a few hours.
This information is provided by Valéry Marchive & Julien Mousqueton