Ransomware negotiation(s) with conti
Please help us in decrypting the files
20/08/2021, 23:27:05
We will provide details on how to proceed shortly. 10-15 minutes.
20/08/2021, 23:32:29
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website
The recovery price is $980000 (20.02 btc). If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge.
If we reach mutual agreement you will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches.
We strongly recommend to review our offer in a timely manner.
20/08/2021, 23:48:25
Are we able to see what is in that larger pack of documents that you took from us? This is a lot of money for us to pay without knowing what we are paying to protect.
22/08/2021, 02:15:37
Yes, sure. Will upload asap.
22/08/2021, 02:18:32
listing_[redacted].rar [ 1.8MB ]
23/08/2021, 00:12:44
[redacted]DATA.zip [ 74.2MB ]
23/08/2021, 00:18:31
Upon conclusion of the agreement, our price includes
1) Universal decryptor for your network
2) Permanently delete all stolen information + logs of removing
3) Security advisories and report how we infiltrated your system
---
You can choose any 2 files from the listing, we will discard them as proof that the files were really stolen
You can also send 2 files for a free decrypt
23/08/2021, 00:34:34
How quickly do you want to conclude an agreement?
23/08/2021, 00:35:09
Quickly, but we need some time tomorrow to review what you sent. It's late on a Sunday and no one is here. We'll get you an update tomorrow.
23/08/2021, 00:35:48
Hello. We have spent the day reviewing and wanted to see if you would be able to accept $228,000 in return for a quick payment tomorrow. We can start looking for bitcoin brokers in the morning if this is acceptable.
24/08/2021, 02:03:09
No. We can give a small discount for speed
Do you need a decryptor and data deletion?
24/08/2021, 02:12:53
Yes we need both. We will work to pay quickly. What can you do to help us?
24/08/2021, 05:55:35
Good
If you pay until the end of the week - Discount% 30
$ 680.000
24/08/2021, 06:01:15
Ok, it's late here so I will bring this to the team first thing in the morning. Thank you.
24/08/2021, 06:02:48
Thanks for being patient with us. I had a chance to talk with our finance team after they spoke with our primary bank today. We have the ability to take out a $60,000 loan which we can offer you. This would set us up to be able to pay you $288,000. We would really appreciate it if we can come to some sort of agreement as we have exhausted our options to come up with cash for you. I'm doing all I can here to get approvals and such, but it's just posing to be challenging.
24/08/2021, 18:59:30
We see that you want to conclude an agreement and can make a small step
$ 630.000
24/08/2021, 21:53:09
[redacted] - until the end of the week
24/08/2021, 21:53:31
Thanks. I will get in touch with our finance team and CEO in the morning to see what they are able to find. I know that they had not had positive news with our secondary bank given that someone told them it was for a ransom and they declined our application. Is there any BEST price that we could pay if we agreed on something tomorrow? Right now you are asking for more than double what we can possibly offer you, so maybe there is some benefit if we can pay you fast?
24/08/2021, 23:18:45
We can make it $500k if we close the deal tomorrow.
25/08/2021, 03:54:43
Ok let me get the team together in the morning and I will get back to you. Thank you.
25/08/2021, 04:26:28
Ok, I was able to have a meeting with the finance team and CEO to discuss your proposal. We really appreciate your willingness to come down for us in return for a quick payment. The team had been able to confirm that if paid today, we can offer $330,000. But we would need to know soon because there are some hurdles on our end to try to get a payment out today.
25/08/2021, 16:06:51
$500.000
today.
25/08/2021, 16:09:49
We don't have access to $500,000 today, tomorrow, next week, or any time. We are trying to give you our best offer that we can here, because anything higher is impossible for us to pay you.
25/08/2021, 16:13:12
Do you remember that we've had access to your network and went through your financial data? We wouldn't ask for anything you are unable to afford.
25/08/2021, 17:18:14
Yes, but if you saw our expenses you would see that our margins are extremely slim. Our industry relies on being the most affordable option, which means accepting slim margins to get work. Revenue may look good, but when we realize only 2% to 4%, you start to see that we are not extremely profitable
25/08/2021, 17:22:29
I'll talk to the team anyways, will try to get smth better but not sure if my boss agrees.
25/08/2021, 17:26:01
Thank you. I know you guys are looking to make money off of us, but we just want to be realistic with you here regarding what we can actually pay.
25/08/2021, 17:30:23
350k$ today
25/08/2021, 17:59:48
Okay, we are working on this
25/08/2021, 21:08:15
Will you be around in about 1-2 hours? We should have the funds sent to you by then
25/08/2021, 22:50:42
Payment has been sent
25/08/2021, 23:28:50
Are you there?
25/08/2021, 23:50:40
We expect confirmations
25/08/2021, 23:52:49
[redacted]_decryptor.exe [ 103kB ]
26/08/2021, 00:37:18
Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
26/08/2021, 00:37:46
Thank you, what about the log for removing the stolen information and the security advisories and report? When will we receive those?
26/08/2021, 02:30:51
Hello?
26/08/2021, 20:31:17
wait please
26/08/2021, 20:36:46
- We recommend that you configure restrictions on system actions for ordinary users on all workstations.
- Change passwords every 2 weeks and create more complex
- Install an antivirus on every computer
- Disable lsas dump on all computers
- Monitoring of users on the network 2 times a week
- Restrict access to servers for regular users
- Reduce the number of domain admins
- Set up a more complex data backup system
26/08/2021, 20:37:31
[redacted].log [ 16.2MB ]
27/08/2021, 03:02:06
Thank you. Are you able to share the exact computer and method used to access our network?
27/08/2021, 15:09:23
Why does the deletion log have fewer files than the file tree that you sent earlier? 166,429 files in the listing.txt vs the 149,914 files in [redacted].log
27/08/2021, 18:23:16
Hello?
27/08/2021, 23:47:16
These are directory. Your files are removed. We work honestly.
29/08/2021, 13:56:53
What does that mean "these are directory?"
29/08/2021, 14:53:19
Also, are you able to share the exact computer and method used to access our network?
30/08/2021, 15:23:35
mail
30/08/2021, 22:22:47
This information is provided by Valéry Marchive & Julien Mousqueton