Ransomware negotiation(s) with
avaddon
Hello from Avaddon Team .Price for you is
$300,000. We have downloaded a lot of critical data, which will be
published on our news website (http://avaddongun7rngel.onion) if you do
not make a payment. After the payment we will decrypt all your systems,
give you listing of files that we have taken, remove data from our
servers and give you proofs of deletion. Also we will provide you with
security report, so you can fix all your vulnerabilities and be safe
again.
11:55 30.04.2021
We are ready to talk to you and discuss on this matter ....
11:56 30.04.2021
is anyone here?
14:58 30.04.2021
wnat to talk to you about this situation
15:06 30.04.2021
your price is very expensive for us
15:07 30.04.2021
300.000$ is our 3 year budget
15:07 30.04.2021
tell us the real possible price and we ready to pay
15:08 30.04.2021
How much can you pay at most?
15:09 30.04.2021
give me 5 minute
15:13 30.04.2021
i will talk with my chief
15:13 30.04.2021
redy to pay 3000$
15:19 30.04.2021
This is a joke?
15:30 30.04.2021
Your price is $ 300,000.
15:30 30.04.2021
300.000$ is a joke
15:32 30.04.2021
becauuse we havn't this amount of money
15:32 30.04.2021
3000$ we can pay or go ahead to reainstall all our systems
15:33 30.04.2021
search on map our country Armenia
15:35 30.04.2021
300.000 is out country budget how we can pay this kind of money?
15:35 30.04.2021
Perhaps the price is too high for you and we are ready to make a small discount.
15:38 30.04.2021
But on $ 3,000 we will never agree.
15:40 30.04.2021
Reinstalling all systems and restoring the
workflow will take a very long time and you will incur heavy losses. The
best option would be to pay and get back to normal quickly.
15:43 30.04.2021
yes you are right
15:44 30.04.2021
we will lose money while trying to
reainstall all systems and getting back informtion from external backups
15:44 30.04.2021
but don't lose so much as you want
15:45 30.04.2021
3000$ ready to pay, agree or not?
15:45 30.04.2021
We have a lot of your important files that
we will publish on our blog if you do not cooperate with us.
15:51 30.04.2021
I know all this
15:52 30.04.2021
but we havn't money!
15:52 30.04.2021
what can we do?!
15:52 30.04.2021
You will never be able to get your files
back without our decryptor! Only we have a unique key to decrypt your
files. Don't waste time and money trying to decrypt files yourself.
15:52 30.04.2021
I know that very well
15:53 30.04.2021
I comunicate with you before
15:54 30.04.2021
I know all this processes
15:54 30.04.2021
and now that we cant decrypt our files
15:54 30.04.2021
we just can reinstall all systemss and restore backups but it will take too long for us
15:54 30.04.2021
We are ready to make a very big discount for
you. If you pay within 67 hours, we will offer you a 50% discount. Then
the price will again be $ 300,000.
15:54 30.04.2021
so we ready to pay as much as we can
15:55 30.04.2021
Now you need to pay $ 150,000.
15:56 30.04.2021
what's your name?
15:56 30.04.2021
It does not matter.
15:57 30.04.2021
you know our country?
15:58 30.04.2021
how the small firm in Armenia can pay you 150.000?
15:58 30.04.2021
my house cost 15.000$ in all
15:59 30.04.2021
Sir, you are offering us a ridiculous price,
it does not suit us at all. Before we set you a price of $150,000, we
analyzed your profitability and your capabilities in general, this price
was taken not from the sky, but according to specific criteria, and by
analysis.
15:59 30.04.2021
what can I say, your analysis is wrong...
16:00 30.04.2021
last time a year ago I paid 1700$ for your decrypting key
16:01 30.04.2021
And we will tell you that $ 15,000 is still
not enough, and we do not agree to such a small amount. Suggest more or
we will use other methods. We can share your financial statements, your
employee and customer data, and more in the public domain. Use DDOS. We
can completely ruin the reputation of your business. Then you will have a
lot of problems and you will suffer a lot of damage. You choose ...
16:06 30.04.2021
I don't event suggest 15.000$, because I havn't
16:07 30.04.2021
We want to talk to your boss.
16:10 30.04.2021
I called him, will be here in 15 minutes
16:11 30.04.2021
Hi, I'm CEO
16:22 30.04.2021
my name is [redacted]
16:23 30.04.2021
ready to cooperate with you ...
16:25 30.04.2021
Hello, [redacted]!
16:25 30.04.2021
Are you already aware of the situation?
16:26 30.04.2021
yes, of course
16:26 30.04.2021
but unfortunately your requirements are in not compatible with the budget of our company ...
16:29 30.04.2021
How much can you offer? As we already wrote,
the amount of $ 15,000 or $ 20,000 does not interest us.
16:31 30.04.2021
and how much you want if you don't agree with 15.000 or 20.000?
16:34 30.04.2021
You're not serious! You do not understand
the magnitude of the problems for your company. Are you ready to incur
losses and ruin your reputation or will you cooperate and offer a higher
amount?
16:37 30.04.2021
We have already offered you a very large
discount, which we do not do for other clients. We have made a 50%
discount for you.
16:37 30.04.2021
I asked how much you want?
16:38 30.04.2021
I perfectly understand all the risks
16:39 30.04.2021
The price for you is $ 150,000.
16:44 30.04.2021
After the expiration of the time, the price will double and then it will be $ 300,000.
16:44 30.04.2021
it's not serious my company is not able to
pay you that kind of money let my IT specialists stay awake for several
days and restore archives or pay you this money as they want
16:49 30.04.2021
You cannot recover files without our unique key.
16:52 30.04.2021
You have 66 hours to start working with us or you will have a lot of problems.
16:53 30.04.2021
After 7 o'clock your amount to double. This is the last chance to pay at such a low price.
04:02 03.05.2021
Hi guys are you there ?
11:39 03.05.2021
Contact us if you see this, it looks like we have a misunderstanding.
11:40 03.05.2021
what you mean?
16:04 03.05.2021
Sir, we found out that one of the branches
of your network is located in Armenia, our policy of work does not allow
working in the CIS countries, so we will give you a decryptor general
with which you can decrypt your entire network. We strongly apologize
for this unpleasant incident and would like to say that we will help you
restore your systems even if you have any problems.
16:20 03.05.2021
really? this is a great news
05:32 04.05.2021
despite the fact that we already recover
most of our information, we will be thankful if you give us the key
05:35 04.05.2021
You can download the decryptor.
05:40 04.05.2021
from where? give link please
05:43 04.05.2021
is it free software?
05:43 04.05.2021
http://avaddonbotrxmuyl.onion/[redacted]/buy
05:46 04.05.2021
look like it's work...
07:00 04.05.2021
can you also help us to understand how you did that?
07:03 04.05.2021
we want to found out loophole in our network
07:04 04.05.2021
Weak passwords.
07:33 04.05.2021
but how you could come in to our network?
07:41 04.05.2021
I will clarify this point.
07:42 04.05.2021
we will wait for your clarifying ant will be very thankful for your support
07:47 04.05.2021
You guys should do penetration tests more
often. Hire a professional company and they will find all loopholes in
your network. It will cost you few ten thousends but you will be safe.
08:16 04.05.2021
Update all services with outside internet, especially Ms Exchange server.
08:18 04.05.2021
you used zerologon exploit ?
08:21 04.05.2021
We cannot say anything more for security reasons for personal purposes.
08:26 04.05.2021
ok , we understood , thanks for information ,
we will upgrade our exchange server and do several things for security
08:30 04.05.2021
Ok guys, excuse us again, I hope you didn't report this to the police? :)
08:58 04.05.2021
What does it mean ?:)
09:23 04.05.2021
don't worry about that
09:27 04.05.2021
Ok sir , good luck
09:28 04.05.2021
This information is provided by Valéry Marchive & Julien Mousqueton
