Negotiation Chat – Conti
These negotiation chats are offered to you by
Valéry Marchive
and Julien Mousqueton.
Chat ID: 20210820
Please help us in decrypting the files
20/08/2021, 23:27:05
We will provide details on how to proceed shorty. 10-15 minutes.
20/08/2021, 23:32:29
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website
The recovery price is $980000 (20.02 btc). If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge.
If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches.
We strongly recommend to review our offer in a timely manner.
20/08/2021, 23:48:25
Are we able to see what is in that larger pack of documents that you took from us? This is a lot of money for us to pay without knowing what we are paying to protect.
22/08/2021, 02:15:37
Yes, sure. Will upload asap.
22/08/2021, 02:18:32
listing_[redacted].rar [ 1.8MB ]
23/08/2021, 00:12:44
[redacted]DATA.zip [ 74.2MB ]
23/08/2021, 00:18:31
Upon conclusion of the agreement, our price includes
1) Universal decryptor for your network
2) Permanently delete all stolen information + logs of removing
3) Security advisories and report how we infiltrated your system
---
You can choose any 2 files from the listing, we will discard them as proof that the files were really stolen
You can also send 2 files for a free decrypt
HIDE
23/08/2021, 00:34:34
How quickly do you want to conclude an agreement?
23/08/2021, 00:35:09
Quickly, but we need some time tomorrow to review what you sent. It's late on a Sunday and no one is here. We'll get you an update tomorrow.
23/08/2021, 00:35:48
Hello. We have spent the day reviewing and wanted to see if you would be able to accept $228,000 in return for a quick payment tomorrow. We can start looking for bitcoin brokers in the morning if this is acceptable.
24/08/2021, 02:03:09
No. We can give a small discount for speed
Do you need a decryptor and data deletion?
24/08/2021, 02:12:53
Yes we need both. We will work to pay quickly. What can you do to help us?
24/08/2021, 05:55:35
Good
If you pay until the end of the week - Discount% 30
$ 680.000
24/08/2021, 06:01:15
Ok, it's late here so I will bring this to the team first thing in the morning. Thank you.
24/08/2021, 06:02:48
Thanks for being patient with us. I had a chance to talk with our finance team after they spoke with our primary bank today. We have the ability to take out a $60,000 loan which we can offer you. This would set us up to be able to pay you $288,000. We would really appreciate it if we can come to some sort of agreement as we have exhausted our options to come up with cash for you. I'm doing all I can here to get approvals and such, but it's just posing to be challenging.
24/08/2021, 18:59:30
We see what you want to conclude an agreement and can make a small step
$ 630.000
24/08/2021, 21:53:09
[redacted] - until the end of the week
24/08/2021, 21:53:31
Thanks. I will get in touch with our finance team and CEO in the morning to see what they are able to find. I know that they had not had positive news with our secondary bank given that someone told them it was for a ransom and they declined our application. Is there any BEST price that we could pay if we agreed on something tomorrow? Right now you are asking for more than double what we can possibly offer you, so maybe there is some benefit if we can pay you fast?
24/08/2021, 23:18:45
We can make it $500k if we close the deal tomorrow.
25/08/2021, 03:54:43
Ok let me get the team together in the morning and I will get back to you. Thank you.
25/08/2021, 04:26:28
Ok, I was able to have a meeting with the finance team and CEO to discuss your proposal. We really appreciate your willingness to come down for us in return for a quick payment. The team had been able to confirm that if paid today, we can offer $330,000. But we would need to know soon because there are some hurdles on our end to try to get a payment out today.
25/08/2021, 16:06:51
$500.000
today.
25/08/2021, 16:09:49
We don't have access to $500,000 today, tomorrow, next week, or any time. We are trying to giving you our best offer that we can here, because anything higher is impossible for us to pay you.
25/08/2021, 16:13:12
Do you remember that we've had access to your network and went through your financial data? We wouldn't ask for anything you are unable to afford.
25/08/2021, 17:18:14
Yes, but if you saw our expenses you would see that our margins are extremely slim. Our industry relies on being the most affordable option, which means accepting slim margins to get work. Revenue may look good, but when we realize only 2% to 4%, you start to see that we are not extremely profitable
25/08/2021, 17:22:29
I'll talk to the team anyways, will try to get smth better but not sure if my boss agrees.
25/08/2021, 17:26:01
Thank you. I know you guys are looking to make money off of us, but we just want to be realistic with you here regarding what we can actually pay.
25/08/2021, 17:30:23
350k$ today
25/08/2021, 17:59:48
Okay, we are working on this
25/08/2021, 21:08:15
Will you be around in about 1-2 hours? We should have the funds sent to you by then
25/08/2021, 22:50:42
ok
25/08/2021, 22:52:14
Payment has been sent
25/08/2021, 23:28:50
Are you there?
25/08/2021, 23:50:40
yes
25/08/2021, 23:52:22
We expect confirmations
25/08/2021, 23:52:49
[redacted]_decryptor.exe [ 103kB ]
26/08/2021, 00:37:18
Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
26/08/2021, 00:37:46
Thank you, what about the log for removing the stolen information and the security advisories and report? When will we receive those?
26/08/2021, 02:30:51
Hello?
26/08/2021, 20:31:17
wait please
26/08/2021, 20:36:46
- We recommend that you configure restrictions on system actions for ordinary users on all workstations.
- Change passwords every 2 weeks and create more complex
- Install an antivirus on every computer
- Disable lsas dump on all computers
- Monitoring of users on the network 2 times a week
- Restrict access to servers for regular users
- Reduce the number of domain admins
- Set up a more complex data backup system
26/08/2021, 20:37:31
[redacted].log [ 16.2MB ]
27/08/2021, 03:02:06
Thank you. Are you able to share the exact computer and method used to access our network?
27/08/2021, 15:09:23
Why does the deletion log have fewer files than the file tree that you sent earlier? 166,429 files in the listing.txt vs the 149,914 files in [redacted].log
27/08/2021, 18:23:16
Hello?
27/08/2021, 23:47:16
These are directory. Your files are removed. We work honestly.
29/08/2021, 13:56:53
What does that mean "these are directory?"
29/08/2021, 14:53:19
Also, are you able to share the exact computer and method used to access our network?
30/08/2021, 15:23:35
mail
30/08/2021, 22:22:47