Greetings! We are ready to help you! What are your problems?

What happened? The bad news is that we have hacked your network and encrypted your servers. We have also downloaded more than 500GB of your private data including financial, contracts, databases and other papers containing SSN DOB addresses and other private customers info. In case of publishing this data you will have huge legal and government fines. The good news is that we are businessmans and we want to get a ransom for everything to unlock and keep in secret.

We're confused about your message. We'd like to start negotiations. Would you like to protect this chat with password to avoid unauthorized access?

Glad to see you,your price for decryption and data removal is $9'000'000. We have somewhat about 1TB of financial reports, contracts etc. downloaded.

You can also protect our chat from untrusted staff with a password. Just ask us and we will open protection feature for you.

Please, be careful - if you try to decrypt or change your files - you will destroy all the information. We hope to reach an agreement. Thank you.

Of course, the price is high, but it is much, much more cheaper, than pay to all the lawsuits, that your clients will send to you, because you have lost so much of their data. Companies of your size can lost tens of millions in such cases. https://www.zdnet.com/article/easyjet-faces-18-billion-class-action-lawsuit-over-data-breach/ this is one of the examples

We also inform you that before payment you can decrypt any file not exceeding 5MB as a test, we are also ready to provide a small amount of data downloaded from your network. In the future, after payment, we will provide you with a complete log tree, information on how the attack was carried out, as well as comprehensive recommendations from technical specialists. We also guarantee the deletion of all downloaded data and the provision of decryption keys for your entire network.

In case of refusal, all information will become public (including confidential) http://mountnewsokhwilx.onion/, the recovery keys will be deleted. We also remind you that your time is limited ...

We appreciate your desire to resolve this situation quickly and are waiting for your specific proposals?

Unfortunately, COVID-19 has affected all industries, but we sincerely hope that you will not only recover in the near future, but also earn much more. We made you the best offer, but I never heard from you the opposite (taking into account all the circumstances) ...

Here we prepared some proofs. https://privatlab.com/s/v/[redacted] pass: zxcffk)(*&%$#!@#$%^&*UH,;l;l

Just small amount of your private data, including claims, personal info, contacts with mobile phones, addresses, date of birth, therapy and other sensitive data. Head of your partners companies, which surely be happy of their personal info got published online. They all have lawyers and they like courts, which very like legal fines.

Amount of money we want is just a small piece of your possible losses including but not limiting direct expenses such as payments for data recovery, dramatic cash flow drop, legal & government fines, attorneys & lawyers interests, but also reputation impact resulting in long-term customer abandonment.

But there is another option. After payment you get decryptor tool returning you in business within 1-2 hours (with instruction), security report with advice how to prevent such incidents in future, full directory listing of your stolen private info, complete data deletion. No data will be posted ever. Everything will be kept in secret.

According to your financial reports your situation is much better than you say. As a group with an estimated yearly revenue ~$1billion you have enough money to pay us.

We don't think, that our estimates are incorrect. Your financial reports are somewhat more reliable, than your word here and now. And your proposal here is just from the textbooks - ten times less, than our initial demand. It seems, that you do not understand, how works our group. We don't ask $90 millions, to receive our demand of $9 millions. Evacuation of your staff due to the wildfires, and complain about breath is not worth 90% of the demand. For now, it does not worth even 5% of our demand, before we get some real proposal. So you should understand, that our team have plenty of projects running, and yours - just one from many. If we don't reach an agreement, we'll just shorten our profit. And on other hand, you would be ruined. That is much more serious threat, than the wildfires. We'll wait for your proposal. Sincerely, yours.

Of course, we too want to work with you. And of course, we can talk about a lesser amount. But to start to rapidly move in that direction, we want to see a good, respectful starting offer from you. Please understand, that sum of about 1 million is regarded as an insult by my bosses. So we look forward to continue our negotiations on more acceptable terms.

OK, lets see what you can offer. And JFYI - we know that your financial reports are in [redacted currency] and we know exchange rates. We have also have huge experience in that business and understanding how much your private data costs including sources of you software which could become public via github. Anyway both of us are business people and count money very well.

Thank you for your efforts, now I see, that we can start moving towards you. It is fair and reasonable FIRST offer, and I glad, that we have now a chance to successfully negotiate. We are ready to make a discount of 1 million US dollars, so your price is now $8'000'000. Of course, we understand, that your work here is not easy and requires efforts to convince your board members. But we are still far from agreement. Our estimates are still much higher, than your proposal. We hope, that you will give us better price. And since it is our mutual interest to speed up our negotiations as much, as we can - take more serious steps toward us. It would be much easier than for us to make steps to you in response.

We've discussed your proposal with team, and we are ready to make another discount. Understanding that you have some issues with signing new contracts, your price is now $7'500'000. Of course, we are ready to move on further, depending on your offers. Time is crucial here, so the more serious steps you will take in our direction, the faster we will get an agreement. We understand, that any downtime of your business is not in your interests, it is quite costly. Possible losses, however, are much more expensive. But in fact, your downtime is not in our interests too, I can assure you. We know, that you have insurance, reserves, and possibility of loans. Your overall reserve is quite better, than your proposal. Make better offer, and we will move on.

2020-10-25: https://privatlab.com/s/v/[redacted] pass:[redacted] Thank you for keeping in touch. We've already sent you proofs. Private data (like SSN, DOB) of your staff, data of clients, their diagnoses and your top-management data, source codes of your projects are not enough? We perfectly understand, that you are following the tutorial, no offence by that. Staff data doesn't worth anything for you. But if you need some points for your board... You already have issues with your dwindling revenue and shortage of new contracts. But if we will just say for a moment, that there is an announcement on our news site (and the rest of the cartel news sites), that your company had lost private data of your US customers, and source codes of your clients... US part of the revenue will go to zero, just as number of possible new contracts. We've already done such things before, and our "customers" were forced to face the grim consequences. We think, that there is no point in efforts to display more proofs. Situation is perfectly clear and we're already in the middle of negotiations. Of course, we just want to make money, and not to destroy business of our clients. We hope, that your board have enough commerce sense to make right choices. We're waiting for another good offer and are ready to move towards you, if it is good enough.

We've discussed your offer with team. As a token of respect for your efforts to move on our negotiations, our boss had approved huge discount of $2'500'000 to speed up our bargaining. Your fast responding made such terms real. So as we make serious step to you, your price is hold now at a point of $5'000'000. We think that as a fair offer in comparison to your possible losses. Let us be professionals and settle at this number. We look forward to your answer.

We see that we are very close to a deal. Lets make an additional discount and total amount will be $4,500,000.

We will provide you with a bitcoin wallet here in the chat. - Then you have to send 1 bitcoin to our wallet for verification only. After we confirm this transaction, you can send the entire amount. - After receiving the first confirmation about the blockchain, we will permanently delete Leak Publication and provide you with decryption software, usage guide and access to a file vault with all your data. We will also give you recommendations for improving security measures.

This is your bitcoin adress [redacted]

Please advise how to send the first part of the payment.

Yes, we are settled at this number.

how long do you need?

Yes that's right

We see the first transaction and confirmation. It is OK to send full amount now.

Yes we see a transaction. After getting confirmations you will receive unlocker immediatly.

Gentlemen, we have received your payment. To unlock your systems, we send you an executable file. For correct operation, please disable all antiviruses, including windows defender, and then run it on all blocked machines. A little later, the swami will be contacted by our technical specialist who will provide a log tree and give advice.

You link for unlocker: unlocker.zip

Here is a Mega cloud account of your private data: [redacted]@protonmail.com [redacted]

You can safely remove data and download a file tree. If you need any support - please note us, we will help you with everything.

With the message above, you have gained access to your file tree.I repeat, go to mega.nz use login [redacted]@protonmail.com and password [redacted] then safety delete your date. A little later, you will receive a report on how the attack occurred and recommendations for protection. Please be patient.

Have you unlocked your files? Have you successfully opened mega.nz account? Do you need any other help? We will delete this chat forever soon.

Of course, we confirm, that we will not publish, or keep any copies of your data. For the breach report please wait for our tech team, they will answer you in 1-2 days.