Chat

Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

  • 058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
  • 05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
  • 29BBE03074FDBB8D – 10 message(s) voir chat
  • 7A313D13EB6B4E58 – 32 message(s) voir chat
  • 89716D29D2CEE36F – 23 message(s) voir chat
  • AB0404E049514B50 – 28 message(s) voir chat
  • BD004D632D87DBA0 – 25 message(s) voir chat
  • C2A3C7249797F5ED – 66 message(s) voir chat
  • C42CDF65B97D0E92 – 30 message(s) voir chat
  • C7CD31EAAF9DE9AC – 71 message(s) voir chat
  • C8479B30418B331E – 4 message(s) voir chat
  • D6DDD9B26D7D41DB – 14 message(s) voir chat
  • FDA8141B6DD392E3 – 10 message(s) voir chat
  • b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) voir chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Victim 02/06/2021, 15:17:16
What do you want?
Victim 02/06/2021, 15:19:29
Hello?
Victim 02/06/2021, 15:22:24
readme.txt [ 1kB ]
Conti 02/06/2021, 16:39:33
Hello, please wait answer
Victim 02/06/2021, 16:43:25
ok
Conti 02/06/2021, 16:46:55
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website.
The recovery price is $1700000 (45 BTC). If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge.
If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches.
We strongly recommend to review our offer in a timely manner to avoid additional expenses from your side on security software and on building the new network from scratch.
The example data pack will be provided soon, which will include part of the file tree list and some actual data you can review.
Conti 02/06/2021, 19:42:25
30perclisting.zip [ 223kB ]
Conti 02/06/2021, 19:43:06
You can choose any 2 files from the listing, we will discard them as proof that the files were really stolen
You can also send 2 files for a free decrypt
---
Upon conclusion of the agreement, our price includes
1) Universal decryptor for your network
2) Permanently delete all stolen information + logs of removing
3) Security advisories and report how we infiltrated your system
Conti 02/06/2021, 19:52:47
datapack.7z [ 47.2MB ]
Conti 03/06/2021, 20:29:32
Have you reviewed the documents and our offer?
Conti 04/06/2021, 14:51:59
If we will not receive the response today we shall start transmitting your data to 3-rd parties step by step notifying your clients and employees about the breach and on how you guard their data.
Victim 04/06/2021, 15:23:33
we have just pulled down the files for review.
Victim 04/06/2021, 15:25:59
i will let you know when we are done.
Victim 04/06/2021, 15:26:48
how do we know if you are able to recover our machines?
Conti 04/06/2021, 15:27:25
You can provide two random low-value encrypted files and we will decrypt them as a proof and upload back
Conti 04/06/2021, 15:28:02
It took you two days to download files from review? We are not that patient and you should be more operative otherwise we will consider you stalling
Victim 04/06/2021, 15:51:55
will provide the files. No, it did not take us 2 days to download the files and review. we only logged back on this morning and saw that you sent them.
Victim 04/06/2021, 15:52:40
[redacted] Office.doc.[redacted] [ 533kB ]
Victim 04/06/2021, 15:52:50
[redacted].pdf.[redacted] [ 75kB ]
Conti 04/06/2021, 15:53:14
Will upload the decrypted files asap.
Conti 04/06/2021, 17:03:30
[redacted].pdf [ 74kB ]
Conti 04/06/2021, 17:03:51
[redacted] Office.doc [ 533kB ]
Victim 04/06/2021, 17:46:33
ok thank you
Victim 04/06/2021, 21:50:59
we are currently still reviewing everything.
Victim 04/06/2021, 21:52:18
additionally, my higher up are requesting additional proofs because you are asking 45btc which is quite a lot of money.
Conti 04/06/2021, 22:09:21
What proof do you need?
We showed that we can decrypt files
Select any 2 files from the listing archive and we will discard them to you
Conti 05/06/2021, 03:31:54
Having received the decryptor, you can start working in 2 hours
Conti 05/06/2021, 03:32:46
Read about us on the Internet - we work honestly. It is much more profitable to conclude an agreement with us than to incur losses
Victim 05/06/2021, 04:00:17
thats for that additional information. will pass this information along to my boss. I will also let you know the file names once they let me know.
Victim 05/06/2021, 15:08:34
Still haven't heard anything yet. Will try to get an answer as soon as possible.
Conti 05/06/2021, 15:23:01
Ok, keep me updated
Victim 05/06/2021, 15:28:55
will do.
Victim 06/06/2021, 17:01:44
haven't heard anything yet from my boss (most likely because it is the weekend). I should have more information tomorrow
Victim 07/06/2021, 15:42:21
good morning. I have a meeting here shortly and should have those file names for proof of decryption
Conti 07/06/2021, 15:55:10
hello
Conti 07/06/2021, 15:56:02
what file names ? Are you talking about 100% listing?
Victim 07/06/2021, 15:58:25
from the file listing you sent me earlier
Conti 07/06/2021, 16:02:22
Proof of file decryption - you sent 2 files to us, we deciphered them and threw them off.
Conti 07/06/2021, 16:03:21
File with the title "30perclisting.zip"
Here is a list of 20 - 30 percent stolen information from your network.
Conti 07/06/2021, 16:05:27
When you conclude an agreement, you will receive a decryptor for your entire network and return the state of computers to their previous state in a few hours
Victim 07/06/2021, 16:09:02
yes im sorry. I confused myself.
Conti 08/06/2021, 09:59:41
any updates?
Victim 08/06/2021, 15:29:23
yes sorry, sending the filenames over now.
Conti 08/06/2021, 15:41:50
ok, waiting.
Victim 08/06/2021, 16:03:04
ok finally received the list
Victim 08/06/2021, 16:03:12
uploading the text file now
Victim 08/06/2021, 16:03:35
FileRequest.txt [ 2kB ]
Conti 08/06/2021, 16:05:01
Well, it's way more than 2 files, but we will provide.
Victim 08/06/2021, 16:05:54
Sorry about that but definitely appreciated!
Conti 08/06/2021, 22:00:10
2019_[redacted].xlsx [ 43kB ]
Conti 08/06/2021, 22:00:28
2019_[redacted].xlsx [ 152kB ]
Conti 08/06/2021, 22:00:32
Logo [redacted].pdf [ 87kB ]
Conti 08/06/2021, 22:00:50
[redacted].pdf [ 69kB ]
Conti 08/06/2021, 22:00:54
[redacted] - Employee agreement [redacted].docx [ 44kB ]
Conti 08/06/2021, 22:00:59
[redacted] - Employee agreement [redacted].docx [ 46kB ]
Conti 08/06/2021, 22:01:04
[redacted].PNG [ 83kB ]
Conti 08/06/2021, 22:01:08
Agreement [redacted].docx [ 42kB ]
Conti 08/06/2021, 22:01:11
2020 [redacted] (1).xlsx [ 21kB ]
Conti 08/06/2021, 22:01:51
[redacted].pdf [ 5.4MB ]
Victim 09/06/2021, 19:48:31
thank you, pulling those files down now
Victim 10/06/2021, 22:33:54
just wanted to let you know, my boss and the higher ups are having meetings to discuss this. I will keep you updated, as much as i can.
Conti 11/06/2021, 00:15:13
thanks
Victim 13/06/2021, 14:26:20
definitely appreciate your patience. Haven't received work yet (most likely due to the weekend). Will keep you updated.
Victim 16/06/2021, 17:56:06
do we have an agreement?
Conti 16/06/2021, 18:02:14
We are still waiting, but not for too long.
Victim 16/06/2021, 18:22:08
are you declining our offer?
Conti 16/06/2021, 18:28:09
would you please repeat your offer, seems like your message didn't go through
Victim 16/06/2021, 18:29:28
This message was send before - thats still out of our range($274,350). our offer $175k.
Conti 16/06/2021, 18:30:16
I an confused, where have you sent your offer?
Conti 16/06/2021, 18:30:34
I don't see any relevant message within this chat
Victim 17/06/2021, 15:19:02
woah... I am just seeing those messages now. I did not send those messages
Victim 17/06/2021, 15:21:07
are you in talks with other people? maybe the framework picked up cross talk?
Conti 17/06/2021, 15:21:44
Perhaps one of your employees writes here
Conti 17/06/2021, 15:23:47
Send your current offer now
Conti 17/06/2021, 16:22:00
No, that's impossible, suppose some of your employees send the messages, maybe we should move to another chat making it private?
Victim 17/06/2021, 18:19:20
i am working on getting that answer for you. yeah moving to a new chat might be best. how can we do that?
Victim 17/06/2021, 20:41:17
i have an update from my boss/higher ups
Conti 17/06/2021, 20:42:04
I will provide the new chat ID within an hour.
Victim 17/06/2021, 20:42:19
ok thanks.
Victim 18/06/2021, 16:56:18
Ok, i made it over to that chat and sent a msg.
Conti 18/06/2021, 17:00:48
Ok, let's move there, should I block this chat forever?

Auteur/autrice

sdgadmin@tux.ovh