Do you need a private chat?
12:34
This chat can include people from your company (your employees, for example), as they may have found the note on their computers. In order to avoid leaking our conversation, we can create a private chat for you. Do you need it?
12:35
where would this private chat be and what is wrong with talking here? What is this about and did you take our data?
12:40
We are Black Basta Group. We are here to inform that your company local network has been hacked and encrypted. We've downloaded over 540GB of a sensitive information and data from your network.
Check your page in our blog. Right now we're keeping it secret. However, if we don't come to an agreement within 10 days, it'll be posted on our news board.
We will let everyone who wants to connect to your network and get all the necessary data from your.
Decryption price is $2,750,000. In case of successful negotiations we guarantee you will get:
1) Decryptor for all your Windows and Hyper-V machines;
2) Non recoverable removal of all downloaded data from our side;
3) Security report on how you were hacked to fix your vulnerabilities and avoid such situations in future.
Hope you can correctly assess the risks for your company.
You can find more information about Black Basta Group in Google.
12:58
https://temp.sh/[redacted].txt
This is full list of your taken data.
12:58
You can choose from this list any 3-5 file names and I will send them to you as a proof. But files should not contain important information.
12:58
Thank you for providing the list. My leadership and IT team are currently reviewing it. It is a large list and it will take some time.
11:56
Okay, we'll be in touch.
13:50
Just making you aware it is a holiday here. When my team selects the file names we will send them.
12:41
okay, we are in touch.
15:06
Thank you for your patience.
13:45
[redacted].pdf // [redacted].docx \\ [redacted].csv // [redacted].xlsx // [redacted].tif
11:51
Here are some file names.
11:51
https://temp.sh/[redacted].rar
18:05
Your requested files.
18:05
Thank you for providing those. I will have my IT and Leadership team look over these.
12:09
Okay, we'll be in touch.
14:52
Understood. No one is in the office today since it is Sunday. We will reach back out to you on Monday.
14:39
ok, we are in touch.
17:13
We have reviewed the files. How does your decryption process work? Do you send us one decryptor that restores all our systems or do you send decryptors for each system affected?
11:44
I can restore all your systems and data in to the original state. We can easily check it. You send me 3 encrypted files, I decrypt them and send you back to you. But these files should not contain important information.
16:58
After payment you receive one decryptor that restores all your systems.
17:01
Thank you for the information. We will work on getting some files to send you. How long will it take us to restore once we receive your tools?
12:38
Recovery time depends on the size of your system. Usually takes about 1 day.
15:36
We appreciate you answering our questions. I am still waiting for the files to test. When you say you will bring our systems and data to their original state, does that mean you guarantee that your tool will work on everything?
13:27
We think that you are simply delaying the time, and there is nothing to discuss. We have given the proof of the availability of files, we can also decrypt several encrypted files as a test for demonstrating our decryptor tool. That's all the discussions. Then you must pay the required amount, and we'll provide the program and help restore all your systems and data, also we'll delete all your data and send the deletion log.
20:04
there was no delaying in time your chat has been down for several days. We have files for you
14:23
Download file: [redacted].docx
14:23
Download file: [redacted].docx
14:24
Download file: [redacted].docx
14:24
Download file: [redacted].docx
20:26
Download file: [redacted].docx
20:26
Download file: [redacted].docx
20:26
Thank you for this. It is Sunday and that means no decision makers are here. We will be back in touch tomorrow.
13:34
My leadership and IT team are currently reviewing the files.
13:06
We have reviewed the files. Thank you for letting us test your decryption tool. A question has come up from my leadership. Will you provide assistance during the decryption process if we need it? How long will you keep the chat open?
14:37
We will give you a full support the decryption process if you need it. Chat will be open until we have fully fulfilled our obligations.
07:20
Also, after the payment:
1. You receive decryptors (Windows and Linux OS).
2. Your page will be totally deleted from the blog.
3. ALL your data will be deleted from our server and you will receive the full deletion log.
4. You will get penetration report and recommendations how to avoid such the situations in the future.
5. You receive the guarantee that Black Basta or anyone of our team will not NEVER attack you again.
07:20
Okay. Thank you. I will take this to my leadership. We appreciate you answering our questions.
14:36
Okay, we'll be in touch.
07:45
We appreciate you working with us and answering our questions. You are however, asking us to pay you a lot of money and we need time to place ourselves in a better financial position to reach an agreement with you. My leadership team is set to meet and discuss this in its finality next Thursday. If you could give us time from now until Friday morning to work hard to place ourselves in a better position, it would show a lot of good faith between us. We were also wondering if there were any discounts available to us so that I could bring that to my leadership during their meeting.
12:26
You had a lot off time. You have time until Monday. If your proposal is not satisfying us on Monday, we will start to publish your data on Tuesday and delete the chat.
19:38
We will take a step towards and make a 25% discount from the initial cost if you pay next week.
10:03
We appreciate the 25% discount and I will bring that to their attention. Monday is not enough time for us to put ourselves in a better financial position to reach what you are asking. Due to the time of year it is difficult to get all of the leadership together to meet on this. Thursday is the earliest they can all meet so they can all be on the same page with this situation. We are trying to work with you and we need you to work with us.
15:08
Sir, you see that we try to act as a businessman who like their business. We are patient, but we need to clearly understand how much time you need to be ready to pay. We can't wait forever.
10:53
We understand and we need until Friday due to our leadership all meeting on Thursday evening so that they can all be on the same page.
13:05
Okay, you have time until Friday. If your proposal is not satisfying us on Friday, we will start publishing your data on the weekend.
16:28
Thank you. We will reach out to you then.
16:40
You made your choice. Your time has passed, we are preparing your data for publication.
14:31
This information is provided by Valéry Marchive & Julien Mousqueton
