Chat

Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

  • 058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
  • 05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
  • 29BBE03074FDBB8D – 10 message(s) voir chat
  • 7A313D13EB6B4E58 – 32 message(s) voir chat
  • 89716D29D2CEE36F – 23 message(s) voir chat
  • AB0404E049514B50 – 28 message(s) voir chat
  • BD004D632D87DBA0 – 25 message(s) voir chat
  • C2A3C7249797F5ED – 66 message(s) voir chat
  • C42CDF65B97D0E92 – 30 message(s) voir chat
  • C7CD31EAAF9DE9AC – 71 message(s) voir chat
  • C8479B30418B331E – 4 message(s) voir chat
  • D6DDD9B26D7D41DB – 14 message(s) voir chat
  • FDA8141B6DD392E3 – 10 message(s) voir chat
  • b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) voir chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Babuk
Hello! Technical support is ready to answer you
Victim
Hello, I'm writing on behalf of [redacted]. Is this the right place to ask for information?
Babuk
Hello!
That's right, to start a dialogue, I ask you to answer 2 questions 1)
Are you a recovery company 2) Do you have insurance against ransomware
programs?
Victim
1)
I'm not part of a recovery company. We are an IT company working with
them in other fields. We just decided to give them a hand in handling
contacts with you, since they do not have the required technical
knowledge. 2) I have no information regarding that matter unfortunately,
i do not know if they have insurance or not (though I'd bet they don't)
Babuk
Before
we move on to discussing the price, upload 4-5 files of encrypted files
no more than 10MB using any file exchanger, we will decrypt these files
as a test
Victim
ok,
I'll come back as soon as I have them, just need a moment to collect
them. is something like a link shared via Google drive OK for you?
Babuk
Ok, write to me as you are ready to provide files
Babuk
Also
send us the ecdh_pub_k.bin file from those computers from which you
will download files, this ecdh_pub_k.bin will be placed in% appdata%
Victim
ok,
I'll be back in some minutes to tell you how much time we'll have to
wait (i can't recover the data myself unfortunately)
Babuk
Ok
Babuk
independent attempts without our help to decrypt files may lead to their loss, I would not advise you to do this
Victim
don't worry, we know how this type of issues work, we prevented them from attempting anything rush
Victim
ok,
i should be able to recover 4-5 files and the related public key in a
couple of hours. I'll text you back then. for now, thanks for the
information
Babuk
ok
Victim
You
can find a simple archive with three files and your public key at the
following link: https://file.io/[redacted]
Victim
The content is a 7z archive password-protected. The password is "[redacted]" (without quotes)
Victim
Be careful because I fear the link will expire after one download
Babuk
I downloaded your files, please wait
Babuk
link will be available for 1st download https://dropmefiles.com/[redacted]
Victim
Downloaded, received and correctly visualized the plaintext, thanks for the proof of work
Victim
Can I move on to ask you about your demands?
Babuk
Ok, now we can continue the dialogue
Babuk
yes, 1 minets please
Babuk
We
know that [redacted] is a large company with an annual turnover of $ [more than two dozens]
million a year, a price of $ 400,000 for a complete expansion of all
systems
Victim
I'll
refrain from reacting to it: I'll just tell you that such an amount is
simply impossible to move for an Italian company. There is no way a
company would be able to purchase that amount of coins (bitcoins or
whatever else) in a whole year. It *might* be doable if they were like
20, 30 thousands, but more than that seems totally impossible to me.
Victim
Anyway, I'll relay your demands to the company, I'll forward your feedback to you as soon as they answer me
Victim
Anyway, I'll relay your demands to the company, I'll forward your feedback to you as soon as they answer me
Victim
Thanks for your cooperation, for now
Victim
"I'll forward THEIR feedback to you" (typo)
Victim
BTW,
I'll probably be back in some hours, since it's late evening in Italy
and I don't think they'll answer me now. I'll be back as soon as
possible
Babuk
We can make a
discount, but it must be reasonable, we will wait for comments from the
company and we are waiting for you in this cha
Babuk
Ok, we are in touch and ready for a dialogue, and ask them about insurance
Victim
Hi
we talked with the company. For them the damage is 1 month of work of 4
people and is worth 40k because have an offline backup. For you can be
ok?
Babuk
We understand
perfectly well that if you had backups, if you didn’t have a dialogue
with us, we can accept. from you 100 000 usd, it will be a big discount,
if you agree then we will move on to the deal, if you need time to
think it over, this is your time in any case you need the decryptor, not
me
Victim
they have
ready 55k usd to close the deal and for Wednesday you'll have the money
in your wallet. Can you agree with it?
Babuk
We understand that the company can afford to pay 100 00, we went to you for the purchase and made a big discount
Babuk
100 000
Victim
I'll talk with them
Babuk
Ok, also if they have insurance, this will not incur financial losses for them at all, the insurance will pay everything
Victim
they don't have an insurance
Babuk
Well then, I advise you to buy it in the future.
Victim
in italy with the italian law it's hard to cash out this amount. With difficulties we can arrive to 65k.
Babuk
We had clients from italy who could easily pay 350,000, let's stop at 85k, it will be optimal for you and us!
Victim
I'm talking with them. Please 5 minutes
Babuk
ok
Victim
BTW
just genuinely asking: how did they pay you such an amount? i can't
imagine a way to move 350k from Italy in few days, it's just really
difficult unless it happens via bank wire
Babuk
They
worked with the bank, we cannot tell you the company, for the reason:
they paid, we keep secret information about our clients who made the
transaction
Victim
sure,
as I said I was just asking out of curiosity. Anyway, we convinced
them to make an effort for 85k usd, since it's in the interest of their
business.
Babuk
Okay, do you need instructions on how to buy bitcoin? Or will you do everything yourself?
Victim
I'll speak with them to understand how they want buy it
Babuk
ok
Victim
can you give us your instruction to pay you?
Babuk
There
are bitcoin ATMs in italy, you can use it or buy bitcoins on the
exchange https://www.finder.com/it/how-to-buy-bitcoins, or find a
private bitcoin broker in italy (this is the safest option) as soon as
you are ready to transfer I will give you a wallet
Victim
ok do you know i can do with an atm and where i can find it and use it to give the money
Babuk
https://coinatmradar.com/country/105/bitcoin-atm-italy/
Victim
ok thanks
Victim
we have some questions
Victim
1)
is it ok for you if they proceed via coin ATM? Do you know if they can
directly transfer funds to your wallet via the ATM, or do they need to
purchase coins and them separately transfer them?
Victim
2)
once the decryption process begins, they obviously need some form of
warranty that everything is working. As for what we could see, your
software encrypted files, destroyed filesystem shadow copies and
compromised backups. What kind of technical warranty can you provide
that everything will work smoothly even for big files (full VM disks)
and LAN backup?
Victim
and
3) given that we have an agreement, could you delete the post you
published [redacted]? this would prevent the company from having to
move on with legal procedures, which they are legally compelled to
follow if they have notice of a data breach. if you delete that post,
there will no longer be any evidence, and they will be able to avoid
this.
Babuk
1) For ATM, you'd
better top up your wallet and then send us 2) File size doesn't matter,
we made all required tests before encrypt your network
Babuk
3) post will be removed today
Babuk
The decryptor works the same as the encryptor only in the other direction
Victim
ok thanks, we'll start with the work
Babuk
During
the day, the moderator of [redacted] will delete the topic, I wrote
him a private message and also wrote in the topic, you can check it
Victim
thank you, we will get back to you soon
Babuk
ok
Victim
ok thanks
Babuk
threads [redacted] -deleted, please cheked
Victim
Cheked, thanks! we are buying the btc. I'll ping you asap
Victim
hi
Babuk
Hello, when you will have required amount of bitcoin's write here
Victim
yes
Babuk
You ready to pay?
Victim
not yet, we are buying
Babuk
Okay, what date should I expect to be paid?
Victim
Wednesday please
Babuk
Okey
Babuk
Any dialogues with us only in this chat, any other email and etc contacts are invalid
Victim
Hi, sure!
Victim
Hi, sure!
Victim
hello
Babuk
Hello, how your progress?
Victim
We will have a call at 2 pm to understand the progress
Victim
i'll update you
Babuk
okey
Victim
sorry only a question
Victim
we can decrypt file by file too?
Victim
with your tool?
Babuk
our tool decrypt full pc
Babuk
Unlocker decrypt full network
Victim
FYi we did a revolut account and tomorrow we will have the btc
Victim
so in the afternoom we can do it
Babuk
Well,
as soon as you are ready to transfer money, write to us, you will give
you a new link to the chat, where we will conduct the transaction, it
will be better for your safety and anonymity
Victim
ok thanks
Victim
sorry
do you have an account revolut? because who bought the btc didn't know
that you can not move it to an external wallet ( out the revolut
platform )
Babuk
No, but I do
not think that you will have any problems with the transfer, you should
be able to transfer to any bitcoin wallet
Victim
i check now, because maybe with revolut you can send only to an revolut account
Babuk
You will need to somehow solve this problem, and be able to transfer to any bitcoin wallet
Victim
yes we do
Babuk
admin:https://www.reddit.com/r/BitcoinUK/comments/7gv9ia/revolut_will_not_allow_you_to_send_purchased/
Victim
yes we saw, we are finding a solution
Victim
please send us another link by mail
Victim
to chat
Babuk
Please
give your email address in the company's domain @ [redacted].com there we
will send a new link to the chat, you will need to restart your browser
and follow the link
Babuk
so we can verify that you are indeed on behalf of [redacted] and the correspondence is confidential

Auteur/autrice

sdgadmin@tux.ovh