Ransomware.live 👀

[Chat started]

16.09.2022 22:22:18 UTC

Hello

16.09.2022 22:22:35 UTC

we ahve seen a note on our systems asking to contact you

16.09.2022 22:22:54 UTC

how does this work?

16.09.2022 22:23:07 UTC

we are destroyed

16.09.2022 22:23:35 UTC

hello?

16.09.2022 22:29:23 UTC

hi

16.09.2022 23:52:44 UTC

to decrypt the data and avoid publication you need to pay us. we haven't published your name on our blog yet

16.09.2022 23:52:59 UTC

we think your page is not working properly, we tried 2 first links and it got stuck on the logo and 3 items flipping around all time after some 5 minutes loading

17.09.2022 02:47:53 UTC

is there some other way we canc omunicate?

17.09.2022 02:48:14 UTC

use mirrors, we under ddos

17.09.2022 02:48:19 UTC

and also, which data do you mean? can we know which data did you get from us?

17.09.2022 02:48:43 UTC

You can reach us at any of these links using a Tor browser: http://lockbitsupa7e3b4pkn4mgkgojrl5iqgx24clbzc4xm7i6jeetsia3qd.onion http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion http://lockbitsupo7vv5vcl3jxpsdviopwvasljqcstym6efhh6oze7c6xjad.onion http://lockbitsupq3g62dni2f36snrdb4n5qzqvovbtkt5xffw3draxk6gwqd.onion http://lockbitsupqfyacidr6upt6nhhyipujvaablubuevxj6xy3frthvr3yd.onion http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion http://lockbitsupxcjntihbmat4rrh7ktowips2qzywh6zer5r3xafhviyhqd.onion

17.09.2022 02:48:57 UTC

now it looks like http://lockbitsupdwon76nzykzblcplixwts4n4zoecugz2bxabtapqvmzqqd.onion/ its working

17.09.2022 02:49:44 UTC

thanks god

17.09.2022 02:50:02 UTC

well, tell me, what data do you mean?

17.09.2022 02:50:23 UTC

data from your network

17.09.2022 02:50:54 UTC

we have 150 computers

17.09.2022 02:51:22 UTC

which data? so I can tell the bosses

17.09.2022 02:51:35 UTC

we will give you this information after you pay the ransom

17.09.2022 02:52:20 UTC

we dont know how all this thing works yet, our tech group is scheduled to come early tomorrow

17.09.2022 02:52:48 UTC

if you tell us which data you got, we can say this on our meeting with our managers

17.09.2022 02:53:24 UTC

understand our position, our ability to pay will depend on what our IT staff says tomorrow and which folders/files we risk being published

17.09.2022 03:23:06 UTC

we are an small company which is already struggling to stand by, this has greatly affected our ability to give service to our customers

17.09.2022 03:23:57 UTC

we will soon send you a tree of stolen data

17.09.2022 09:33:55 UTC

ok

17.09.2022 11:16:53 UTC

https://temp.sh/vpCYM/vit%20list.txt

17.09.2022 13:08:28 UTC

130k files, 122gb

17.09.2022 13:15:49 UTC

Ok, I will check with the team and get back to you

17.09.2022 19:40:43 UTC

how much money is this all going to cost us?

17.09.2022 19:40:57 UTC

can we see those files?

17.09.2022 19:43:57 UTC

\VITALITYHP\Vitality Health Plan\2019 Marketing Materials\Business Card [.] Biz Card Back.pdf Biz Card Front2-01.png [..] Biz Card Back2-01.png [redacted].pdf

17.09.2022 19:44:14 UTC

Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf Vitality_[redacted].pdf

17.09.2022 19:44:57 UTC

some of them, just to see that you really have the files

17.09.2022 19:45:09 UTC

We'll send you the files in a moment

17.09.2022 19:55:28 UTC

The price of decrypt and delete data 1.000.000$. we accept payment in BTC

17.09.2022 19:57:17 UTC

https://temp.sh/TSyij/files.zip

17.09.2022 20:12:44 UTC

1 million is absolutely out of range

17.09.2022 23:17:09 UTC

however, thanks for all the informationa nd files, we will have a meeting on monday morning and tell you something

17.09.2022 23:19:37 UTC

We studied your revenue data. we found information that the revenue is about $100 million. in addition, your site translates to the site of a large california company with $1 billion in revenue. based on this, the requested amount is quite real. pay and no one will ever know about the attack. we will return all your files and tell you about the attack, and delete your data from our servers forever. if you delay and do not negotiate actively, we will publish a post about you on our blog.

17.09.2022 23:24:23 UTC

https://www.bleepingcomputer.com/news/security/lockbit-victim-estimates-cost-of-ransomware-attack-to-be-42-million/

17.09.2022 23:26:46 UTC

One company refused to pay the ransom. and suffered a lot. there is a lot of information about us on the internet. here is an example

17.09.2022 23:27:13 UTC

our revenue isnt even close to $100 million, $1 mimllion is too much

19.09.2022 22:11:38 UTC

bosses are willing to pay a much smaller sum

19.09.2022 22:11:53 UTC

given that we have backups and the data you took is not sensitve at all

19.09.2022 22:12:09 UTC

we know who you are, and we know you are at least reliable

19.09.2022 22:12:20 UTC

bosses said they can pay $100k without need for additional requests/meetings, think about it

19.09.2022 22:12:40 UTC

No, it's not enough!

19.09.2022 22:15:03 UTC

we have finance dept, with its own CEO and he is not willing to give more than that.

19.09.2022 22:19:05 UTC

we have your sensitive data, marketing data, financial data, passports, iti, transactions, and so on. so think about the damage that publishing data can do to you. think about the damage you will get.

19.09.2022 22:19:18 UTC

we can negotiate, but anything above that is going to require a lot of paperwork, meetings, approvals and so on

19.09.2022 22:19:34 UTC

yes, we know, thats why we are here trying to find a solution

19.09.2022 22:20:00 UTC

if you are not ready to pay more than 100k, you can leave the chat room and wait for the publication of your data

19.09.2022 22:21:17 UTC

100k is what we can pay now, 1 million we can never pay

19.09.2022 22:26:28 UTC

anything between, will take time

19.09.2022 22:26:50 UTC

for now, you have time to find money. but time will not last indefinitely. we need a deadline. if you drive unproductive talks, or don't come in for a chat, we will publish a post about your company on our blog. so far, we haven't done that

19.09.2022 22:30:01 UTC

We know exactly who you are. don't start talking about limiting finances and so on. we know who you are and how much you can pay. so we will stand our ground and take tough measures in case of disobedience

19.09.2022 22:32:30 UTC

you dont know who I am, otherwise you would not be here

26.09.2022 01:06:49 UTC

tell your boss I dont throw him to the dogs because I respect him, his brother and what they say

26.09.2022 01:07:33 UTC

I mean the real boss, not lockbitsupp

26.09.2022 01:07:55 UTC

good luck

26.09.2022 01:09:02 UTC

Put aside unnecessary talk. negotiate constructively.

26.09.2022 09:48:02 UTC

just tell your boss and his brother that I appreciate them, thats all

30.09.2022 01:00:33 UTC

tell lockbitsupp to send it to the real owners

30.09.2022 01:00:45 UTC

that doesn't make sense. why are you coming in here?

30.09.2022 16:14:11 UTC

your feud with the cats should be coming to an end, at least on the public domain

04.10.2022 02:36:05 UTC

what is the point of giving away so much information in front of everyone who wants to read xss?

04.10.2022 02:36:23 UTC

its good for none of you and very valuable for FEDs and their cheap dogs, researchers

04.10.2022 02:36:43 UTC

If you're not interested, leave the chat room and don't come in.

04.10.2022 11:03:59 UTC

nice honeypot that you locked

09.10.2022 23:09:15 UTC

well, not even locked beacuse you just ran your locker and left, backups where there and esxi too

09.10.2022 23:09:55 UTC

I will take your advice to not come back, take care my friend.

09.10.2022 23:10:27 UTC

bye

10.10.2022 07:43:28 UTC