Ransomware negotiation(s) with
conti
The note said to contact you here, what do we do next?
5/17/2021, 11:30:31 PM
Welcome! We are ready to help you.
5/18/2021, 9:26:03 AM
our network is locked
5/18/2021, 2:13:45 PM
we need your help
5/18/2021, 2:17:49 PM
Give us some time, and we will definitely help you. Expect instructions please.
5/18/2021, 4:10:08 PM
Welcome! [redacted]
5/18/2021, 4:36:15 PM
You need pay for decrypt your files. Your price is 400.000$
5/18/2021, 4:36:40 PM
You need to pay this amount and we will give you decryptor for all your network, file tree on what we have downloaded from your network and wiping log of that information.
5/18/2021, 4:49:42 PM
We will also try to find a buyer for your data and access to your network if you refuse to pay.
5/18/2021, 4:50:31 PM
we do not have that much money, we are still recovering due to covid.
5/18/2021, 8:13:52 PM
Make a reasonable offer based on our offer.
5/18/2021, 8:17:00 PM
we dont have that much money, help us out, we are in a bad place
5/18/2021, 8:35:55 PM
my boss just told me that we can give you $42,850,
5/19/2021, 3:50:51 AM
Well, we see constructive dialogue and make a discount. Your new price is $357.150
5/19/2021, 8:01:59 AM
thats still too much for us, i will take it to my boss
5/19/2021, 3:23:52 PM
Make a reasonable offer based on our offer.
5/19/2021, 3:24:57 PM
Reputation is expensive.
5/19/2021, 3:25:46 PM
my boss wants proof of what you got, but we can come with 73,250 which is a large amount
5/19/2021, 5:46:21 PM
Well, we see constructive dialogue and make a discount. Your new price is $326.750
5/19/2021, 10:03:39 PM
We will send you 30% of the file tree, you will select any 3 pcs of non-sensitive information and we will provide them to you as evidence.
5/19/2021, 10:04:23 PM
send us the file tree and i can show it to my boss, with the new amount
5/19/2021, 10:58:27 PM
wait.
5/20/2021, 10:45:36 AM
30%_tree_[redacted].txt.7z [ 126kB ]
5/20/2021, 10:48:30 AM
Pass: 123123
5/20/2021, 10:48:41 AM
we want to get this done quickly and can offer $98,350.00
5/20/2021, 3:55:30 PM
Well, we see constructive dialogue and make a discount. Your new price is $301.650
5/20/2021, 4:08:06 PM
we don't have that much, but made some more cuts and can offer 137,500
5/20/2021, 6:10:11 PM
Well, we see constructive dialogue and make a discount. Your new price is $262.500
5/20/2021, 6:15:26 PM
We move to meet each other - this positively affects the likelihood of an agreement.
5/20/2021, 6:15:36 PM
laptop proposals.pdf.[redacted] [ 3.8MB ]
5/20/2021, 10:01:19 PM
Registry Fix.jpg.[redacted] [ 73kB ]
5/20/2021, 10:01:30 PM
we would like proof you can decrypt
5/20/2021, 10:01:36 PM
Wait.
5/20/2021, 10:14:31 PM
laptop proposals.pdf [ 3.8MB ]
5/20/2021, 10:22:04 PM
Registry Fix.jpg [ 72kB ]
5/20/2021, 10:22:15 PM
if you will accept $182,450 we can make the payment within 24 hours
5/20/2021, 11:41:40 PM
$200,000 and we agree. Think well, this is our minimum offer.
5/21/2021, 12:00:28 PM
We agree to the price for the decryptor, file tree, and proof of deletion. How do we finish this up?
5/21/2021, 3:36:08 PM
Also we can't get into our systems, will you give instructions on that also?
5/21/2021, 4:49:03 PM
BTC Wallet: [redacted]
5/21/2021, 6:39:13 PM
Once you pay, you'll get a file tree, deletion log, and a decryptor for all your computers.
5/21/2021, 6:40:12 PM
What about the machine we cant get into?
5/21/2021, 6:43:21 PM
What hostnames are the speech about?
5/21/2021, 6:52:37 PM
I will get a list from our IT leaders
5/21/2021, 6:58:00 PM
What's wrong with passwords from accounts? or what? Explain in more detail the problem is not very clear.
5/21/2021, 6:59:15 PM
Of course, we will help if it depends on us.
5/21/2021, 6:59:56 PM
We have made the payment, please let me know it went through
5/21/2021, 7:12:12 PM
[redacted]_decryptor.exe [ 103kB ]
5/21/2021, 7:36:10 PM
Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
5/21/2021, 7:37:07 PM
The file tree and deletion log are expected to be checked out within 24 hours.
5/22/2021, 1:12:35 AM
How does that work? Do you give us the data back? Sorry but we have never done this before.
5/22/2021, 4:46:19 PM
Wait for the file list and delete log. will receive within 48 hours. Instructions for working with the decryptor are written above. Get an IT specialist to help you recover.
5/22/2021, 5:39:13 PM
can we get our file list and delete log?
5/25/2021, 5:30:45 PM
[redacted]_tree.zip [ 433kB ]
5/25/2021, 9:11:35 PM
SHRED_[redacted].zip [ 4.4MB ]
5/25/2021, 9:11:54 PM
file list and delete log
5/25/2021, 9:12:07 PM
This information is provided by Valéry Marchive
