Ransomware negotiation(s) with  conti


Welcome! We are ready to help you.

5/3/2021, 3:35:07 PM
Avatar
Avatar

Our data is encrypted. Is there a way to get it back?

5/3/2021, 9:24:15 PM

You need pay for decrypt your files. Your price is 900.000$

5/3/2021, 9:32:15 PM
Avatar

The faster you pay the better for pricing - you can get discounts.

5/3/2021, 9:32:54 PM
Avatar

You need to pay this amount and we will give you decryptor for all your network, file tree on what we have downloaded from your network and wiping log of that information.

5/3/2021, 9:33:39 PM
Avatar

You can choose not to pay and then your data will be published in the media with subsequent sale.

5/3/2021, 9:34:40 PM
Avatar
Avatar

Ok. What kind of discount can we get?

5/4/2021, 4:30:45 PM

Let me give you an example : If you will decide to pay in nearest 48 hours, you can get 100k discount. We are interested in fast and effective communication, so be wise and don't waste each others time.

5/4/2021, 8:59:39 PM
Avatar
Avatar

We don't want to waste anyone's time here. While we appreciate the $100k discount, there still is no way we can afford $800k. We're not really even sure we need the decryption at this point. Can you give me a better number to take to the boss so we can weigh our options?

5/4/2021, 11:00:07 PM

You may refuse to pay this your choice. Then we'll release your hacking information. If this does not make you aware, we will publish some of your data for sale to interested parties. We took a step to meet. Now it's your turn. We're waiting for your best offer.

5/4/2021, 11:35:41 PM
Avatar
Avatar

Paying you seems like our quickest option to get our data back based on what we are reading compared to restoring. We spoke as a group and could pay you $150k if you promise you can unlock us quickly and you will delete our data and tell us what was taken. This offer only stands for tonight, and we arent going to go back and forth with you. How would we even make payment, do we wire you the money? This is our best and final offer.

5/5/2021, 12:34:48 AM

Offer of $150,000 to decline. Make the best offer.

5/5/2021, 11:27:44 AM
Avatar
Avatar

That was our best offer, but we will see if we can justify any higher expense. You wont take $150k but, $800k is way too much for us. We don't want to waste our time or yours. I'm sure you have a number which is the lowest you will accept. If you tell us what the lowest you will accept is, we can see if its something we can afford or if we are better off letting you have the stolen data and rebuilding. The bosses here have told me we need to make a decision today, we can't be negotiating forever, and I'm sure you don't want to be either. We think our 150K is more than reasonable and we were truthful with our highest offer, but if you come close, they owners here might accept.

5/5/2021, 12:55:58 PM

considering your desire to resolve the issue quickly ,the price is 500.000$. Let's solve it fast.

5/5/2021, 2:53:52 PM
Avatar
Avatar

Logo.png.DATA.[redacted] [ 33kB ]

5/5/2021, 3:00:41 PM
Avatar

SmallLogo.png.DATA.[redacted] [ 17kB ]

5/5/2021, 3:00:50 PM
Avatar

Can you decrypt these files and send them back?

5/5/2021, 3:00:53 PM

Logo.png.DATA [ 32kB ]

5/5/2021, 3:13:07 PM
Avatar

SmallLogo.png.DATA [ 16kB ]

5/5/2021, 3:14:03 PM
Avatar
Avatar

desktop.ini.[redacted] [ 1kB ]

5/5/2021, 8:00:46 PM
Avatar

We want to come to an agreement but 500k is so much more we can afford. The owner wants me to start on recovery from the backups but it will take a few days and we will be down. He told me we could pay 250k if you agree today and tell us how to pay. If we pay does the unlock go quick? We also found some additional files that are different. Can you prove you can unlock these too?

5/5/2021, 8:01:07 PM
Avatar

vmxnet[redacted].inf.[redacted] [ 34kB ]

5/5/2021, 8:01:25 PM

Offer of $250,000 to decline.

5/5/2021, 8:20:07 PM
Avatar
Avatar

The owner is asking me how quick we can be back up and running if we pay and how does payment actually work? If we agree to terms he would like to have this done ASAP so we can put this behind us. So we can stop going back and forth what is the best price you can take?

5/5/2021, 10:10:13 PM

desktop.ini [ 1kB ]

5/6/2021, 7:16:41 AM
Avatar

vmxnet[redacted].inf [ 33kB ]

5/6/2021, 7:16:47 AM
Avatar

You can back up really fast, depends of the size of your network. You should buy bitcoins for 500k, and send them to address which will give you.

5/6/2021, 7:34:50 AM
Avatar
Avatar

Okay, we would prefer to decrypt rather than going through a rebuild, but for 500K we can't do it. We see the proof and know you can decrypt. If you accept $325K, you have a deal, and we can pay you today. We hope that makes sense for both of us. We found a company that we can wire money to and they can send you Bitcoins. Let us know if we should prep the $325K. For this, we need the decryption program, we need to know what you have taken, and we need some sort of proof or promise of deletion of our stolen data.

5/6/2021, 9:45:56 AM
Avatar

We also need to know your Bitcoin address.

5/6/2021, 10:24:48 AM

If you delay the negotiations, on Monday we will release information about the fact of hacking your network. Further, if you do not understand this, we will publish part of the data to find a buyer for them. We went to your meeting, gave you a good discount. You started pulling time and making us brains. We don't like it. Measures will follow to sober you up. Think three times before you start playing script games with us.

5/6/2021, 12:34:37 PM
Avatar

We'll go to your meeting. Price $450,000 That's the minimum and that's for sure.

5/6/2021, 12:36:41 PM
Avatar

$450,000 and we agree. Wallet: [redacted]

5/6/2021, 12:38:11 PM
Avatar
Avatar

Ok. We will work on payment now.

5/6/2021, 1:25:25 PM

Okay, we're waiting.

5/6/2021, 1:38:50 PM
Avatar
Avatar

Payment has been been completed. Please send decryption tool as soon as possible. https://www.blockchain.com/btc/tx/[redacted]

5/6/2021, 8:07:54 PM

Status:Confirmed

5/6/2021, 9:35:17 PM
Avatar

Expect you to get everything soon.

5/6/2021, 9:35:32 PM
Avatar

Everything will be given to you tomorrow. The technician is now absent.

5/6/2021, 10:29:33 PM
Avatar

[redacted]_decryptor.exe [ 103kB ]

5/6/2021, 10:47:19 PM
Avatar

Decryptor: 1) Launch the decryptor under Administrative rights 2) Wait till the decryptor window is closed 3) if any of the files haven't changed the extension back to the original - repeat 1 and 2

5/6/2021, 10:47:45 PM
Avatar

Wait. Your date is still to be deleted.

5/7/2021, 9:20:42 PM
Avatar

[redacted]_tree.txt.7z [ 842kB ]

5/8/2021, 7:27:37 PM
Avatar

Wait. Your date is still to be deleted.

5/8/2021, 7:28:04 PM
Avatar

SHRED_[redacted].txt.7z [ 7.6MB ]

5/11/2021, 3:30:47 PM
Avatar

Your deletion log. Please contact us if you have any questions.

5/11/2021, 3:44:14 PM
Avatar

This information is provided by Valéry Marchive

© 2024 Ransomware.live. All rights reserved.  |    Contact us  |    BlueSky  |    GitHub  |    LinkedIn

  Support Ransomare.live

Last Dataset update : 2024-09-19 17:04:10 UTC