Ransomware negotiation(s) with  conti


Avatar

The note said to contact you here, what do we do next?

5/17/2021, 11:30:31 PM

Welcome! We are ready to help you.

5/18/2021, 9:26:03 AM
Avatar
Avatar

our network is locked

5/18/2021, 2:13:45 PM
Avatar

we need your help

5/18/2021, 2:17:49 PM

Give us some time, and we will definitely help you. Expect instructions please.

5/18/2021, 4:10:08 PM
Avatar

Welcome! [redacted]

5/18/2021, 4:36:15 PM
Avatar

You need pay for decrypt your files. Your price is 400.000$

5/18/2021, 4:36:40 PM
Avatar

You need to pay this amount and we will give you decryptor for all your network, file tree on what we have downloaded from your network and wiping log of that information.

5/18/2021, 4:49:42 PM
Avatar

We will also try to find a buyer for your data and access to your network if you refuse to pay.

5/18/2021, 4:50:31 PM
Avatar
Avatar

we do not have that much money, we are still recovering due to covid.

5/18/2021, 8:13:52 PM

Make a reasonable offer based on our offer.

5/18/2021, 8:17:00 PM
Avatar
Avatar

we dont have that much money, help us out, we are in a bad place

5/18/2021, 8:35:55 PM
Avatar

my boss just told me that we can give you $42,850,

5/19/2021, 3:50:51 AM

Well, we see constructive dialogue and make a discount. Your new price is $357.150

5/19/2021, 8:01:59 AM
Avatar
Avatar

thats still too much for us, i will take it to my boss

5/19/2021, 3:23:52 PM

Make a reasonable offer based on our offer.

5/19/2021, 3:24:57 PM
Avatar

Reputation is expensive.

5/19/2021, 3:25:46 PM
Avatar
Avatar

my boss wants proof of what you got, but we can come with 73,250 which is a large amount

5/19/2021, 5:46:21 PM

Well, we see constructive dialogue and make a discount. Your new price is $326.750

5/19/2021, 10:03:39 PM
Avatar

We will send you 30% of the file tree, you will select any 3 pcs of non-sensitive information and we will provide them to you as evidence.

5/19/2021, 10:04:23 PM
Avatar
Avatar

send us the file tree and i can show it to my boss, with the new amount

5/19/2021, 10:58:27 PM

wait.

5/20/2021, 10:45:36 AM
Avatar

30%_tree_[redacted].txt.7z [ 126kB ]

5/20/2021, 10:48:30 AM
Avatar

Pass: 123123

5/20/2021, 10:48:41 AM
Avatar
Avatar

we want to get this done quickly and can offer $98,350.00

5/20/2021, 3:55:30 PM

Well, we see constructive dialogue and make a discount. Your new price is $301.650

5/20/2021, 4:08:06 PM
Avatar
Avatar

we don't have that much, but made some more cuts and can offer 137,500

5/20/2021, 6:10:11 PM

Well, we see constructive dialogue and make a discount. Your new price is $262.500

5/20/2021, 6:15:26 PM
Avatar

We move to meet each other - this positively affects the likelihood of an agreement.

5/20/2021, 6:15:36 PM
Avatar
Avatar

laptop proposals.pdf.[redacted] [ 3.8MB ]

5/20/2021, 10:01:19 PM
Avatar

Registry Fix.jpg.[redacted] [ 73kB ]

5/20/2021, 10:01:30 PM
Avatar

we would like proof you can decrypt

5/20/2021, 10:01:36 PM

Wait.

5/20/2021, 10:14:31 PM
Avatar

laptop proposals.pdf [ 3.8MB ]

5/20/2021, 10:22:04 PM
Avatar

Registry Fix.jpg [ 72kB ]

5/20/2021, 10:22:15 PM
Avatar
Avatar

if you will accept $182,450 we can make the payment within 24 hours

5/20/2021, 11:41:40 PM

$200,000 and we agree. Think well, this is our minimum offer.

5/21/2021, 12:00:28 PM
Avatar
Avatar

We agree to the price for the decryptor, file tree, and proof of deletion. How do we finish this up?

5/21/2021, 3:36:08 PM
Avatar

Also we can't get into our systems, will you give instructions on that also?

5/21/2021, 4:49:03 PM

BTC Wallet: [redacted]

5/21/2021, 6:39:13 PM
Avatar

Once you pay, you'll get a file tree, deletion log, and a decryptor for all your computers.

5/21/2021, 6:40:12 PM
Avatar
Avatar

What about the machine we cant get into?

5/21/2021, 6:43:21 PM

What hostnames are the speech about?

5/21/2021, 6:52:37 PM
Avatar
Avatar

I will get a list from our IT leaders

5/21/2021, 6:58:00 PM

What's wrong with passwords from accounts? or what? Explain in more detail the problem is not very clear.

5/21/2021, 6:59:15 PM
Avatar

Of course, we will help if it depends on us.

5/21/2021, 6:59:56 PM
Avatar
Avatar

We have made the payment, please let me know it went through

5/21/2021, 7:12:12 PM

[redacted]_decryptor.exe [ 103kB ]

5/21/2021, 7:36:10 PM
Avatar

Decryptor: 1) Launch the decryptor under Administrative rights 2) Wait till the decryptor window is closed 3) if any of the files haven't changed the extension back to the original - repeat 1 and 2

5/21/2021, 7:37:07 PM
Avatar

The file tree and deletion log are expected to be checked out within 24 hours.

5/22/2021, 1:12:35 AM
Avatar
Avatar

How does that work? Do you give us the data back? Sorry but we have never done this before.

5/22/2021, 4:46:19 PM

Wait for the file list and delete log. will receive within 48 hours. Instructions for working with the decryptor are written above. Get an IT specialist to help you recover.

5/22/2021, 5:39:13 PM
Avatar
Avatar

can we get our file list and delete log?

5/25/2021, 5:30:45 PM

[redacted]_tree.zip [ 433kB ]

5/25/2021, 9:11:35 PM
Avatar

SHRED_[redacted].zip [ 4.4MB ]

5/25/2021, 9:11:54 PM
Avatar

file list and delete log

5/25/2021, 9:12:07 PM
Avatar

This information is provided by Valéry Marchive & Julien Mousqueton

© 2024 Ransomware.live. All rights reserved.  |    Contact us  |    BlueSky  |    GitHub  |    LinkedIn

  Support Ransomare.live

Last Dataset update : 2024-11-21 08:35:04 UTC