Ransomware negotiation(s) with
akira
Congratulations, you have passed a surprise information security audit and become a victim of ransomware. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon.
These files were taken from your network prior to encryption. You can pick 2-3 random files from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files to our chat and we will upload decrypted copies back.
We're looking through your files to calculate a fair demand to you. I will let you know the sum shortly. We offer:
1) full decryption assistance;
2) evidence of data removal;
3) security report on vulnerabilities we found;
4) guarantees not to publish or sell your data;
5) guarantees not to attack you in the future.
Let me know whether you're interested in a whole deal or in parts. This will affect the final price.
In case we don't have a response form you, we will have to post your data in our blog.
Hello, we're reviewing the list you sent us now.
Ok. We are waiting for the files request tomorrow.
Hello. Have you review the list?
Hello, we are still reviewing the list at this time but will have those files over to you as soon as we finish. Is this list everything? We want to make sure prior to sending over our requests.
We're willing to set a $350,000 price for ALL the services we offer.
You advised we could request some files from that list you sent. We would like to request the below: [redacted].xlsx [redacted]-2023.xlsx [redacted]23.docx
[redacted]2023.xlsx // 336 KB
[redacted].xlsx // 15.6 KB
[redacted]23.docx // 1.84 MB
Okay thank you we are reviewing these. We still need some time to review the entire listing itself and we are a bit worried about your price. I dont think we can afford the 350,000 and theres no guarantee you wont just take the money and run off. How are we supposed to trust this process?
If we receive the payment within next 48 hours, we will provide you with a 20% discount.
After payment you will receive a deletion log which means the raid drives that contained the only copy of your data are fully formatted and erased. There is no need to deceive you since we value our reputation and you will find no case where we didn't honor an agreement.
If we fail to agree, we will not only publish your data but also notify all of your clients, partners, employees and so on. In some cases they will be guided on how to file a claim properly.
You will receive a security report that includes information about how we were able to penitrate your network, as well as exclusive first-hand information about the state of your network, the vulnerabilities that we found. What's more, you'll receive high-quality technical recommendations on eliminating any vulnerabilities and strengthening your network to secure your internal and external infrastructure. You will also receive written guarantees that we will not sell or publish your data, keep this conversation private, and delete this chat later. We won't come back for more money after payment and we won't attack you again.
We understand and thank you for the information. We're already in the process of trying to find out exactly how much we can offer you, but it won't be close to the price you gave us. We'll update as soon as we can. I know you said you can unlock our files can we send some over to you? We have a few file types we are concerned with.
To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. Our tool works on every system/file format. As for your upcoming proposal, we haven't talked about any discounts yet, so you're wrong since you have to get as close as possible to our initial demand to get this over. Thank you.
A lot of our files are larger than 10mb, how do we know the decryption will work on those larger files? Also you are mentioning a discount, is this something you can do for us? We will work on getting the files sent over to you but are concerned we cannot sent anything less than 10mb.
You can provide us with one of larger than 10MB. No one is going to deceive you.
Ok thank you, we are working on it. We will upload this once we have it, I just need to discuss with the others which ones we can send.
Please speed things up on your part. No one is interested in dragging this out.
[redacted].dwg // 10.4 MB
[redacted].pdf // 2.39 MB
Please wait for them decrypted.
Please send us the correct files. We do not see any signs of our tool.
These came from the machines you locked and you said this tool was going to work. This is a little concerning, but let me have our IT grab some more files to send you.
My tech dept has checked those files and they're not encrypted, so please send us correct files asap.
Please try what I'm attaching now to the chat
EncryptedSample[redacted].zip // 9.18 MB
Just checking out what's going on? Waiting your response.
Hello? Are you still there? We are awaiting the files.
Hello. We're here. I've asked my tech dept about this.
This information is provided by Valéry Marchive & Julien Mousqueton