[Chat started]
16.09.2022 22:22:18 UTC
Hello
16.09.2022 22:22:35 UTC
we ahve seen a note on our systems asking to contact you
16.09.2022 22:22:54 UTC
how does this work?
16.09.2022 22:23:07 UTC
we are destroyed
16.09.2022 22:23:35 UTC
hello?
16.09.2022 22:29:23 UTC
hi
16.09.2022 23:52:44 UTC
to decrypt the data and avoid publication you need to pay us. we haven't published your name on our blog yet
16.09.2022 23:52:59 UTC
we think your page is not working properly, we tried 2 first links and it got stuck on the logo and 3 items flipping around all time after some 5 minutes loading
17.09.2022 02:47:53 UTC
is there some other way we canc omunicate?
17.09.2022 02:48:14 UTC
use mirrors, we under ddos
17.09.2022 02:48:19 UTC
and also, which data do you mean? can we know which data did you get from us?
17.09.2022 02:48:43 UTC
You can reach us at any of these links using a Tor browser: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion http://lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion http://lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion http://lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion
17.09.2022 02:48:57 UTC
now it looks like http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion/ its working
17.09.2022 02:49:44 UTC
thanks god
17.09.2022 02:50:02 UTC
well, tell me, what data do you mean?
17.09.2022 02:50:23 UTC
data from your network
17.09.2022 02:50:54 UTC
we have 150 computers
17.09.2022 02:51:22 UTC
which data? so I can tell the bosses
17.09.2022 02:51:35 UTC
we will give you this information after you pay the ransom
17.09.2022 02:52:20 UTC
we dont know how all this thing works yet, our tech group is scheduled to come early tomorrow
17.09.2022 02:52:48 UTC
if you tell us which data you got, we can say this on our meeting with our managers
17.09.2022 02:53:24 UTC
understand our position, our ability to pay will depend on what our IT staff says tomorrow and which folders/files we risk being published
17.09.2022 03:23:06 UTC
we are an small company which is already struggling to stand by, this has greatly affected our ability to give service to our customers
17.09.2022 03:23:57 UTC
we will soon send you a tree of stolen data
17.09.2022 09:33:55 UTC
ok
17.09.2022 11:16:53 UTC
https://temp.sh/vpCYM/vit%20list.txt
17.09.2022 13:08:28 UTC
130k files, 122gb
17.09.2022 13:15:49 UTC
Ok, I will check with the team and get back to you
17.09.2022 19:40:43 UTC
how much money is this all going to cost us?
17.09.2022 19:40:57 UTC
can we see those files?
17.09.2022 19:43:57 UTC
\VITALITYHP\Vitality Health Plan\2019 Marketing Materials\Business Card [.] Biz Card Back.pdf Biz Card Front2-01.png [..] Biz Card Back2-01.png [redacted].pdf
17.09.2022 19:44:14 UTC
Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf
17.09.2022 19:44:57 UTC
some of them, just to see that you really have the files
17.09.2022 19:45:09 UTC
We'll send you the files in a moment
17.09.2022 19:55:28 UTC
The price of decrypt and delete data 1.000.000$. we accept payment in BTC
17.09.2022 19:57:17 UTC
https://temp.sh/TSyij/files.zip
17.09.2022 20:12:44 UTC
1 million is absolutely out of range
17.09.2022 23:17:09 UTC
however, thanks for all the informationa nd files, we will have a meeting on monday morning and tell you something
17.09.2022 23:19:37 UTC
We studied your revenue data. we found information that the revenue is about $100 million. in addition, your site translates to the site of a large california company with $1 billion in revenue. based on this, the requested amount is quite real. pay and no one will ever know about the attack. we will return all your files and tell you about the attack, and delete your data from our servers forever. if you delay and do not negotiate actively, we will publish a post about you on our blog.
17.09.2022 23:24:23 UTC
https://www.bleepingcomputer.com/news/security/lockbit-victim-estimates-cost-of-ransomware-attack-to-be-42-million/
17.09.2022 23:26:46 UTC
One company refused to pay the ransom. and suffered a lot. there is a lot of information about us on the internet. here is an example
17.09.2022 23:27:13 UTC
our revenue isnt even close to $100 million, $1 mimllion is too much
19.09.2022 22:11:38 UTC
bosses are willing to pay a much smaller sum
19.09.2022 22:11:53 UTC
given that we have backups and the data you took is not sensitve at all
19.09.2022 22:12:09 UTC
we know who you are, and we know you are at least reliable
19.09.2022 22:12:20 UTC
bosses said they can pay $100k without need for additional requests/meetings, think about it
19.09.2022 22:12:40 UTC
No, it's not enough!
19.09.2022 22:15:03 UTC
we have finance dept, with its own CEO and he is not willing to give more than that.
19.09.2022 22:19:05 UTC
we have your sensitive data, marketing data, financial data, passports, iti, transactions, and so on. so think about the damage that publishing data can do to you. think about the damage you will get.
19.09.2022 22:19:18 UTC
we can negotiate, but anything above that is going to require a lot of paperwork, meetings, approvals and so on
19.09.2022 22:19:34 UTC
yes, we know, thats why we are here trying to find a solution
19.09.2022 22:20:00 UTC
if you are not ready to pay more than 100k, you can leave the chat room and wait for the publication of your data
19.09.2022 22:21:17 UTC
100k is what we can pay now, 1 million we can never pay
19.09.2022 22:26:28 UTC
anything between, will take time
19.09.2022 22:26:50 UTC
for now, you have time to find money. but time will not last indefinitely. we need a deadline. if you drive unproductive talks, or don't come in for a chat, we will publish a post about your company on our blog. so far, we haven't done that
19.09.2022 22:30:01 UTC
We know exactly who you are. don't start talking about limiting finances and so on. we know who you are and how much you can pay. so we will stand our ground and take tough measures in case of disobedience
19.09.2022 22:32:30 UTC
you dont know who I am, otherwise you would not be here
26.09.2022 01:06:49 UTC
tell your boss I dont throw him to the dogs because I respect him, his brother and what they say
26.09.2022 01:07:33 UTC
I mean the real boss, not lockbitsupp
26.09.2022 01:07:55 UTC
good luck
26.09.2022 01:09:02 UTC
Put aside unnecessary talk. negotiate constructively.
26.09.2022 09:48:02 UTC
just tell your boss and his brother that I appreciate them, thats all
30.09.2022 01:00:33 UTC
tell lockbitsupp to send it to the real owners
30.09.2022 01:00:45 UTC
that doesn't make sense. why are you coming in here?
30.09.2022 16:14:11 UTC
your feud with the cats should be coming to an end, at least on the public domain
04.10.2022 02:36:05 UTC
what is the point of giving away so much information in front of everyone who wants to read xss?
04.10.2022 02:36:23 UTC
its good for none of you and very valuable for FEDs and their cheap dogs, researchers
04.10.2022 02:36:43 UTC
If you're not interested, leave the chat room and don't come in.
04.10.2022 11:03:59 UTC
nice honeypot that you locked
09.10.2022 23:09:15 UTC
well, not even locked beacuse you just ran your locker and left, backups where there and esxi too
09.10.2022 23:09:55 UTC
I will take your advice to not come back, take care my friend.
09.10.2022 23:10:27 UTC
bye
10.10.2022 07:43:28 UTC
This information is provided by Valéry Marchive
