Ransomware negotiation(s) with
conti
readme.txt [ 1kB ]
5/13/2021, 1:44:20 PM
Waiting for instructions
5/13/2021, 1:44:40 PM
Welcome! [redacted]
5/13/2021, 1:46:02 PM
You need pay for decrypt your files. Your price is 200.000$
5/13/2021, 1:48:11 PM
Your network was hacked, workstations encrypted and we downloaded many private information from your servers. Note that we have also downloaded a lot of data from your network that in case of not making payment will be published on our website.
If you will spend 3 days in silence we will start publushing the information.
5/13/2021, 1:48:27 PM
Your price for non-recoverable deletion of all the leaked information, and decpryptor for your network is $200.000
5/13/2021, 1:48:56 PM
Sorry for the delay, we've been having a lot of internal meetings and want to work with you.
5/17/2021, 1:00:32 AM
We understand your problems. But we also see your turnover and the amount of information we downloaded from your network. Your losses, if the information reaches the public, will be tens of times more than we asked.
make your offer, you haven't given a single digit yet.
5/17/2021, 11:24:20 AM
Okay; as part of our conversations last night I was told to ask about getting a sample of data you might have taken
5/17/2021, 2:45:15 PM
We have your accounting, legal documents, finance, contracts and personal correspondence, DB, that's all I can say. It's about 50 Gigabate. You will receive a complete list of files after payment as well as a log of their removal from our server.
5/17/2021, 8:32:51 PM
[redacted]_proof.7z [ 3.1MB ]
5/17/2021, 8:33:17 PM
Proof Pack. Pass: 123123
5/17/2021, 8:33:41 PM
We will also try to find a buyer for your data and access to your network if you refuse to pay.
5/17/2021, 8:34:23 PM
Thank you; I will let my boss know. We want to work with you.
5/17/2021, 11:17:40 PM
We've been having some internal meetings and discussions and would like to make an offer of $22k
5/18/2021, 1:49:16 AM
Just wanted to follow up on this.
5/18/2021, 3:58:34 PM
Your offer has been rejected. Make a more reasonable offer based on our offer.
5/18/2021, 4:12:29 PM
I've went back to my boss and management, they understand the importance. We would like to extend an updated offer to $45K USD
5/18/2021, 6:29:00 PM
Well, we see constructive dialogue and make a discount. Your new price is $170,000.
5/18/2021, 8:13:32 PM
Let me check with my boss to what more we can offer, as that's still a lot of money for us.
5/18/2021, 9:17:28 PM
Just spoke with my boss and management was able to come up with some additional funds to make an offer of $62k
5/18/2021, 11:54:11 PM
Following up on the offer of $62k
5/19/2021, 1:52:10 AM
Well, we see constructive dialogue and make a discount. Your new price is $138,000.
5/19/2021, 8:16:02 AM
Let me talk to my boss, I will get back to you later this morning.
5/19/2021, 12:35:37 PM
Well, we are waiting, do not delay, this will entail negative consequences of publication.
5/19/2021, 12:36:24 PM
I was told to ask, if you can provide proof of decryption. Do I just upload a couple documents?
5/19/2021, 3:28:13 PM
[redacted].pdf.[redacted] [ 529kB ]
5/19/2021, 3:32:49 PM
Inventory Report [redacted].htm.xlsx.[redacted] [ 13kB ]
5/19/2021, 3:33:54 PM
[redacted] reimbursement Spreadsheet 7-29-2019.xlsx.[redacted] [ 11kB ]
5/19/2021, 3:34:00 PM
Hello?
5/19/2021, 4:55:17 PM
Have you gotten my messages?
5/19/2021, 7:54:45 PM
Wait.
5/19/2021, 9:58:00 PM
[redacted] reimbursement Spreadsheet 7-29-2019.xlsx [ 11kB ]
5/19/2021, 10:04:28 PM
Inventory Report [redacted].htm.xlsx [ 12kB ]
5/19/2021, 10:04:36 PM
[redacted].pdf [ 528kB ]
5/19/2021, 10:04:48 PM
Thank you; I'll let my bossy know
5/19/2021, 10:05:13 PM
Well, we are waiting, do not delay, this will entail negative consequences of publication.
5/19/2021, 10:05:44 PM
Should have a response here shortly, I know we have been discussing internally and trying to come up with some additional funds.
5/19/2021, 10:05:56 PM
We would like to make an additional offer; $74k
5/19/2021, 10:09:39 PM
Just wanted to follow up on the new offer of $74K
5/19/2021, 11:27:51 PM
Also, what would be the BTC Wallet for payment?
5/20/2021, 1:13:13 AM
Also, would we be able to get access to the data you have taken? Or something else like a file Tree?
5/20/2021, 9:38:47 AM
Your price for file tree & non-recoverable deletion of all the leaked information, and decpryptor for your network is $100.000. And we agree. We will not be able to make less than this proposal. Think about it.
5/20/2021, 10:29:48 AM
BTC Wallet: [redacted]
5/20/2021, 10:30:36 AM
If we can get payment over today, when should we expect the decryption key? I know comms have been rather slow.
5/20/2021, 10:51:45 AM
You'll get everything within 24 hours. after payment.
5/20/2021, 11:08:21 AM
We'll try to give it all out quickly.
5/20/2021, 11:09:27 AM
Is there a leak site we can check that you guys would publish to?
5/20/2021, 11:17:18 AM
http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/
5/20/2021, 11:20:31 AM
Thank you;
5/20/2021, 11:22:33 AM
Just got confirmation from my boss, we are working to make the $100k payment.
5/20/2021, 12:27:41 PM
Okay, we're waiting.
5/20/2021, 4:10:34 PM
This is still the BTC Wallet Correct: [redacted]
5/20/2021, 6:44:09 PM
BTC Wallet: [redacted]
5/20/2021, 6:49:49 PM
Confirmation #: [redacted]
5/21/2021, 12:18:25 AM
Can you confirm payment? When should we expect the decryption key?
5/21/2021, 10:57:35 AM
[redacted]_decryptor.exe [ 103kB ]
5/21/2021, 11:45:56 AM
Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
5/21/2021, 11:46:42 AM
The file tree and deletion log are expected to be checked out within 24 hours.
5/21/2021, 6:58:07 PM
Thank you
5/21/2021, 9:41:26 PM
Wait
5/22/2021, 1:12:01 AM
We have files that won't decrypt on several systems. I'm providing a few of those samples if you can update the decryption tool.
5/23/2021, 1:21:26 AM
[redacted]_.GIF.[redacted] [ 5kB ]
5/23/2021, 1:21:32 AM
[redacted].cab.[redacted] [ 8.6MB ]
5/23/2021, 1:22:16 AM
[redacted]_.WMF.[redacted] [ 6kB ]
5/23/2021, 1:22:25 AM
How long till we can get an updated decryption tool and file-tree & deletion of file-tree
5/24/2021, 2:35:35 PM
This 3 files are decrypted, just remove .[redacted] extension
5/24/2021, 7:05:57 PM
Your decryption tool left the extension to thousands, how do we go about removing the extension to thousands of files without potentially corrupting files that might still need to be decrypted.
5/24/2021, 8:05:36 PM
Try to run the decryptor again
5/24/2021, 8:24:15 PM
We did 3-4 times
5/25/2021, 1:31:04 PM
Any news on the updated decryption tool and file deletion?
5/25/2021, 7:51:14 PM
[redacted]_tree.zip [ 76kB ]
5/25/2021, 9:13:18 PM
SHRED_[redacted].zip [ 739kB ]
5/25/2021, 9:13:24 PM
file list and delete log
5/25/2021, 9:13:33 PM
Thank you; what about an updated decryption tool
5/26/2021, 12:32:09 AM
Really need that updated decryption tool. I've got thousands of files that I can't use and If I self remove thousands of extensions I fear that the files will be corrupted. You promised a working decryption key.
5/27/2021, 8:23:28 PM
I'm reaching out to the bigger Conti group.
5/28/2021, 8:39:31 PM
This information is provided by Valéry Marchive & Julien Mousqueton
