Ransomware negotiation(s) with
trinity
Hello, We have a ransomware infection. How do I ㅐ it?
We have a ransomware infection. What should I do?
you want to decrypt how many computers?
Three recovery PCs have been identified.
We need three recoveries.
recovery price 0.5
bitcoin for 1 PC, 3pc=1.5 bitcoin after payment you will receive the
decryption program which will automatically decrypt all files bitcoin
wallet [redacted]
when can I expect payment from you?
The annual sales are
about 600 million won and the net profit is about 30 million won. The
amount you mentioned is the amount we have to collect over five years.
We could go bankrupt. We want to negotiate. Please save our company.
we can offer a price for 3pc 1 bitcoin if you pay today
In terms of dollars, $4500,000 is the profit and $25,000 is the net profit.
We don't have any
expenses. We only have $10,000 in our bank account. It's a [redacted]
production company, but there's a lot of outstanding money...
In terms of dollars,
$450,000 is the profit and $25,000 is the net profit. We don't have
any expenses. We only have $10,000 in our bank account. It's a [redacted]
production company, but there's a lot of outstanding money...
I've spoken to the management we can accept $15,000 for 1 PC. if you pay at once
Please lower it a little bit. We need to get a loan and it's tomorrow weekend. Please.
$39,000 for 3 PCs final offer we lowered it a little bit like you asked. It's $13,000 for 1 PC.
Thank you so much.
But we have to get loans as I told you. One can be possible, but we need
a lot of time to recover. Can you spend time?
we are waiting for
payment, 0.61 bitcoin to the above wallet. Do not delay the payment
process as we have given you a big discount my boss can cancel the
contract and discount if you delay.
bitcoin wallet [redacted]
As I said, I don't
have money right now. And it's the weekend... I can't even go to the
bank. Finally, give me a discount and plenty of time.
All right, we're waiting. but don't drag it out.
when can I expect a bitcoin transfer from you?
https://www.sendspace.com/file/[redacted]
We are sending you 2 ransomware infected files. Request you to do test recovery.
https://www.sendspace.com/file/[redacted]
I'm sorry, but I'd like to recover the two files contained in the url above.
when will you pay after the test?
you'll pay right after the test?
we're waiting to hear back from you and do a test
It's difficult because it's the weekend. I need a day or two.
https://file.io/[redacted]
https://prnt.sc/[redacted]
https://prnt.sc/[redacted]
we're waiting for payment.
Data recovery has
been validated. I'd like to ask you a favor. I have 13,000 dollars. So I
would like to restore just one server first this weekend. Can you
recover to 0.018 btc first And two days later, I would like to apply
for a loan from the bank on Monday and restore the other two as well.
we negotiated
$39,000 and gave you a discount. fulfill the terms of the agreement you
can wire us $13,000. to lock in the price and the discount today. While
you take the credit, we'll prepare the decryptors. Don't change the
terms of the agreement.
or we'll refund the original price 0.5 bitcoin per 1 pc.
we keep our word and we ask you to keep yours
It's a little hard to understand. If I send $13,000, will you send me 1 recovery key first?
if you send $13,000
we'll start preparing three decryptors for you. but we'll only ship
them to you after you've paid the full $39,000. if you want to restore 1
pc, the price will be 0.5 bitcoin please respect the original
agreements
show us your intent send $13,000 today
Please wait a moment. I'm borrowing money now.
Oh... We are preparing 0.61. Please, 0.61 btc.
Thank you, I think it will take about an hour or two. How long does it take for us to pay the btc and receive the recovery tool?
please check money 0.61BTC
send us one file from each of the three computers you want to recover.
https://www.sendspace.com/file/[redacted]
https://www.sendspace.com/file/[redacted]
Please stand by. the boss will come and we'll send you three decoders.
before decryption Make copies of important files just in case password :123 run as administrator
https://file.io/[redacted]
if you want to decrypt all other files we are ready to make a very big discount. all other PCs for $11,000.
Can you tell me how to use it?
before decryption Make copies of important files just in case
the program decrypts all files automatically
The file has been recovered, but it's all broken. I'd like to get the recovery tool again.
https://file.io/[redacted]
if some files have not been decrypted send us some files
Got into trouble. Program keeps turning off during early morning recovery... How do I fix the problem?
program shuts down with an error? what do you mean?
I'm not sure. Only cd drive comes out of the black window and the window disappears
are you running as an administrator? Did the files decrypt?
I decrypt a few and the program just turns off. After that, it just keeps turning off.
try changing
compatibility mode right-click on the program properties compatibility
mode and check the box compatibility with windows 7/8
https://www.sendspace.com/file/[redacted]
I am sending you the data again from 3 servers. Please send it to the recovery key that has been confirmed to operate normally.
Хорошо Пожалуйста, подождите.
https://file.io/[redacted]
we had no trouble deciphering it. try copying the files to an external drive and run it on another computer.
https://file.io/[redacted]
I really appreciate the support. Thank you so much. I'll try again.
20 to 30 GB of database corruption... is there a fix?
didn't decrypt the files?
1. It's been restored, but it's damaged. 2. Some materials are not recovered.
https://dropmefiles.com/ download here
upload the corrupted file here and upload 1 file that was not recovered
the .trinitylock is gone?
I'll let you know
our problem. 1. Some files cannot be recovered 2. Recovered, but the
file does not open We don't know what to do.
https://dropmefiles.com/[redacted]
I'm sending you 5gb data. Please help.
there's a different encryption key you didn't pay for this ID.
We sent the data from the same computer. Where can I check the key you are talking about?
We paid for 3 keys,
but we only received 1 recovery key. Shouldn't you give us 2 more keys?
It's only 10% recovery... We can go out of business. Please help
so there were network drives This is a different key. Let's decrypt all your computers. if you pay the $13,000.
the first time you sent the files [redacted] [redacted] [redacted] [redacted]
4 ID we made a decrypter on them.
now you've sent files with the ID [redacted]
all your ID
[redacted] [redacted] [redacted]
[redacted] [redacted] [redacted]
[redacted] [redacted]
you can see the file IDs through the HEX editor, at the end of each file
you have to pay extra for other IDs $13,000 and we'll decrypt all your IDs. same wallet
https://dropmefiles.com/[redacted]
We don't know how to look at it. Can I test this? And please let me know your ID for this.
[redacted].zip.trinitylock [redacted]
[redacted]_LIST_202403.zip.trinitylock [redacted]
you'll have to pay extra for another ID we'll make a decrypter
Is it the same ID as the 5g we sent you?
[redacted]
For this, I would like to restore only one. Can you give me a quarter
of a dollar And I'd like to test the zip file.
Is it the same ID as the 5g we sent you? YES [redacted]
1id? Aren't you
going to give me all the rest of the keys? We hope to lower the cost
further. Please, I really don't have any money...
We really don't have any money, so we have to save it. I can get it tomorrow. Please give me a little discount one more time.
We are borrowing money again. But $13000 is too much. Is $8000 possible? Please
How many coins is 13000 dollars?
please check money 0.21BTC
send 2 files from each PC you want to recover
https://dropmefiles.com/[redacted] One is the file I sent you
https://dropmefiles.com/[redacted]
https://dropmefiles.com/[redacted]
https://dropmefiles.com/[redacted] We can't even restore it. Please tell me how to do this.
Not yet? How much longer do I have to wait... Please help.
Sorry for delay waiting please
I can't recover it, what should I do?
Sorry for delay waiting please
how many files didn't decrypt?
how many files didn't decrypt?
90 percent of only 1 ID? Did the other IDs decrypt normally?
This information is provided by Valéry Marchive & Julien Mousqueton
