Ransomware negotiation(s) with babuk
hello, why did you decide to run audit of our company? I know, our security is poor, because of we have faced to critical situations for last 3 years...
2021-04-28T14:55:32+03:00
Hello. Do you understand it is a real attack or you do think it is just a penetration test? Do you understand that we have got a lot of essential data from your company? Also, do you understand that this data can compromise your company and CEO before the law?
2021-04-28T15:05:46+03:00
unfortunately, we expect, that this is attack, not penetration test. We need to negotiate. But the amount of 1 MIO USD is deathfull for our company
2021-04-28T15:10:25+03:00
Okay. We made you an offer; if it doesn't fit you, you can offer your price. However, you need to know that we won't provide you a too big discount. Data we got is too sensible.
2021-04-28T15:14:21+03:00
you are right, data is sensible. But I don't know, which kind of information about our company you have? we have small company from Czech Republic. Not big corporation. We have poor financial results in last years due to pressure to decrease of margins in industry, Covid-19, now we face to Suez transport crisis... You can check our financial reports from available sources (for example - justice.cz)...
2021-04-28T15:20:40+03:00
We know about your financial situation. We have all personal data of your employees and administrative staff, including private photos. Also, we have a full list of your clients, and I think you understand we can inform them about this incident. It will be a hard strike for your reputation. Also, we have got all information and documentation related to your projects, including schemes and drafts. We are still waiting for your price. We all realize that if this info will be uploaded to the public sources, you will lose much more.
2021-04-28T15:37:59+03:00
All the customers/client has been informed about this attack on [redacted]. So all of them know our situation. As well as all employees. We are in position of Tier 2 supplier = small supplier. All the clients data we have is not critical for them, not secret development data.
2021-04-28T15:46:18+03:00
Regarding our offer to start negotiate I have to contact our Board by phone to hear out their idea...
2021-04-28T15:47:37+03:00
Okay. And what do you think about the GPDR?
2021-04-28T15:48:33+03:00
Sure, contact anyone you need and return to us with your offer.
2021-04-28T15:48:59+03:00
Do you mean GDPR? In case if we will not be successful with negotiation, we will have to contact Police and The Office for Personal Data Protection. In case if we will make a deal, it will be only between us...
2021-04-28T15:52:02+03:00
Yes, I am speaking exactly about it. If we make a deal, you avoid all the problems and we will get our money. Also, we are ready to inform you about used vulnerability to avoid such situation in future.
2021-04-28T15:56:15+03:00
If not, all your data will remain encrypted and we will upload sensible info to public.
2021-04-28T15:58:57+03:00
I'm back. Before we will start to negotiate I have an order to provide you with company results for the last 3 years. Just to explain our position...
2021-04-28T17:09:33+03:00
year/sales/result:
2021-04-28T17:09:53+03:00
2018 / [redacted] 000 USD / [redacted] 000 USD (=loss)
2021-04-28T17:10:49+03:00
2019 / [redacted] 000 USD / [redacted] 000 USD (loss)
2021-04-28T17:11:23+03:00
2020 / [redacted] 000 USD / [redacted] 000 USD (profit)
2021-04-28T17:12:09+03:00
Okay, we see
2021-04-28T17:12:34+03:00
So, we are still waiting for your offer. I tell you about it third time already. One more - and we delete the chat and upload data
2021-04-28T17:13:33+03:00
Yeah. that is reality of our company which is available and you can check on official places... I can offer 10 000 USD (but have no any experience with BTC, how it works)
2021-04-28T17:14:53+03:00
Depending on your serious situation, we can offer you a 50% discount. So, your price will be 500k
2021-04-28T17:16:42+03:00
500k CZK?
2021-04-28T17:17:08+03:00
USD
2021-04-28T17:17:35+03:00
If it is too hard, you can ask your shareholders to help
2021-04-28T17:20:15+03:00
sorry, this is unrealistic... That means to sold part of company or some of unused equipment...
2021-04-28T17:20:39+03:00
Otherwise, you will try to find cash to avoid prison
2021-04-28T17:21:15+03:00
We need to talk with business owners. Speaking with middleman is not interesting for us.
2021-04-28T17:21:58+03:00
unfortunately, that is my company position. As a CEO I have not so much authorization. From my position I can offer max. 23 246 USD (=500 000 CZK - that is my limit)
2021-04-28T17:25:57+03:00
You can take a loan to pay this sum. Your offers is not even serious.
2021-04-28T17:31:18+03:00
You have two days to pay, after this period, data will be posted and you won't be able to contact us anymore
2021-04-28T17:32:01+03:00
not realistic get any loan from Bank due to company summary results from the last years... In 2020 we had to sell some equipment to be able to survive... You have an experience with our IT infrastructure - you can see that's very poor solution. It's because of we have no many, no chance for the bank loan... We try to survive from day to day... Please, take our situation in consideration.
2021-04-28T17:38:46+03:00
We did it already. You can search for a recovery company in your country, they can offer you a loan in this situation. As I said already, we can make a discount, but your offer must be serious too.
2021-04-28T17:44:43+03:00
the statement of our shareholders is clear for me. My personal responsibility for the problem, my personal responsi
2021-04-28T19:29:24+03:00
...responsibility for the solution. Due to my knowledge about this company for me is it the same "shit situation" to pay 0,5MIO CZK (as I have offered) or lost the data and start to re-build infrastructure and data again from zero. And in case If I will realize the payment, where is any guaranty that you are going to fulfill the deal? Is there any history about your BABYK group?
2021-04-28T19:33:00+03:00
All the customers, suppliers and employees know the situation in detail. They express their support to us.
2021-04-28T19:34:34+03:00
This conversation have no sense now. We also have info about your shareholders, and I don't think they will be glad when it will be published. Anyway, you have the time to think about the situation and make us a good offer.
2021-04-28T19:36:49+03:00
About your question - your guarantee is our reputation. Use Google to find info. We NEVER publish info and leave data encrypted if companies pay.
2021-04-28T19:38:15+03:00
And as you wrote before - to avoid to prison??? You have committed the crime - to steal data and you threaten to publish them. Not me - that is the law in CZ. No deal = I have to start to cooperate with Police and The Office for Personal Data Protection about your attack. I know you are far away from here and you don't care...
2021-04-28T19:38:23+03:00
Your reputation? To attack the company using WinXP, Exchange 2007 and similar and ask 1 MIO USD? Sorry... it sounds like joke...
2021-04-28T19:43:24+03:00
On Google I see that you evaluate the company based on profile on zoominfo.com. Do you really think that company from [redacted location] in CZ has sales [redacted] 000 000 USD. I wish to be...
2021-04-28T19:46:30+03:00
https://www.google.com/maps/place/[redacted]?hl=cs-CZ
2021-04-28T20:12:01+03:00
This conversation doesn't lead to conclusion. Your expectation from this action is far away to our reality. Now, we have taken a decision to re-build the company IT structure starting tomorrow 29/04, 10:00 CET. Please, understand to your error that you have made with tip and attack small company, send to us decryptor and keep your reputation in your world. Be sure, if you are ready to "ruin our world", we are ready to build it again. From zero to hero. Thanks for the challenge.
2021-04-28T21:21:54+03:00
Ok tell us fast where we have to pay?
2021-05-01T15:44:21+03:00
This information is provided by Valéry Marchive & Julien Mousqueton