Chat

Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

  • 058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
  • 05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
  • 29BBE03074FDBB8D – 10 message(s) voir chat
  • 7A313D13EB6B4E58 – 32 message(s) voir chat
  • 89716D29D2CEE36F – 23 message(s) voir chat
  • AB0404E049514B50 – 28 message(s) voir chat
  • BD004D632D87DBA0 – 25 message(s) voir chat
  • C2A3C7249797F5ED – 66 message(s) voir chat
  • C42CDF65B97D0E92 – 30 message(s) voir chat
  • C7CD31EAAF9DE9AC – 71 message(s) voir chat
  • C8479B30418B331E – 4 message(s) voir chat
  • D6DDD9B26D7D41DB – 14 message(s) voir chat
  • FDA8141B6DD392E3 – 10 message(s) voir chat
  • b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) voir chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Conti 11/06/2021, 20:51:20
Hello, are you ready to negotiate?
Victim 13/06/2021, 11:43:05
Hello, did you take any data from us ?
Victim 13/06/2021, 11:43:27
what are the next steps to get our systems decrypted ?
Conti 13/06/2021, 14:06:49
30percentlisting.txt [ 4.1MB ]
Conti 13/06/2021, 14:07:02
datapack-example.zip [ 1.9MB ]
Conti 13/06/2021, 14:10:51
We have 450Gb of your data. You can choose any two files from this listing, we will upload them to you, this is proof that we have them.
Wait, soon we will write you the terms of cooperation.
Conti 14/06/2021, 13:29:23
As you already know - your network and all of your data were encrypted by CONTI team. Besides the encryption process we've downloaded a large pack of your internal documents and files that will be published in case our negotiations fail. How it happens can be seen on our website.
The recovery price is $600000 (15 BTC). If you want to make sure we can recover all of your data - you can send us the two files of your choice and we will decrypt them free of charge.
If we reach mutual agreement your will be provided with decryption tool, none of your internal data will be published and you will be provided with security tips on how to avoid further breaches.
We strongly recommend to review our offer in a timely manner to avoid additional expenses from your side on security software and on building the new network from scratch.
Victim 15/06/2021, 11:44:47
How do I know you can decrypt my data?
Conti 15/06/2021, 14:56:40
Send us your two encrypted files, and we'll decrypt them for you as proof.
Victim 15/06/2021, 21:08:08
nopdf.csv.[redacted] [ 76kB ]
Victim 15/06/2021, 21:08:15
esign_scripts-withTransID.sql.[redacted] [ 2kB ]
Conti 15/06/2021, 21:16:53
Will decrypt and upload asap.
Conti 15/06/2021, 23:24:19
esign_scripts-withTransID.sql [ 1kB ]
Conti 15/06/2021, 23:24:26
nopdf.csv [ 76kB ]
Victim 16/06/2021, 06:15:01
Powerpoint-france-[redacted]-destination.jpg.[redacted] [ 4.4MB ]
Victim 16/06/2021, 06:15:33
Thank you, can you decrypt this sample file as well please?
Victim 16/06/2021, 09:41:42
are you here ?
Conti 16/06/2021, 10:25:21
Powerpoint-france-[redacted]-destination.jpg [ 4.4MB ]
Victim 16/06/2021, 13:49:34
What will be the discount if we pay quickly to you today, we are working with banks and still struggling to get approvals as our financial records says we are already in loss because as you already know that we are an educational cultural exchange program that send student abroad to study, since start of covid till now we have not been able to sent applicants out of US in over a year which is same for other countries applicants
Conti 16/06/2021, 14:33:44
$500 000. If you pay today
Victim 16/06/2021, 16:06:53
We really can afford what you are asking
Conti 16/06/2021, 16:10:07
Soon we will give you the bitcoin wallet address where you will need to send the coins. Please wait
Victim 16/06/2021, 16:12:28
We have collected around 100k from our partners and emergency funds and if the bank approves our loan ( which we are in constantly followup ) we will get additional 100K, so we will at position to pay you around 200k$ if all went as planned, but above that we are having no options to collect more funds.
Conti 16/06/2021, 16:22:54
Is this a joke? Do you understand that your business is in our hands? Do you understand the consequences for you if you do not agree with us?
We can't accept 200k.
Victim 16/06/2021, 17:02:05
We are not joking and know that you are a serious organization, as stated before the global pandemic effected our ability to operate for an entire year causing us to lose most of our business that keeps us floating. We are still working with the bank to try and convince them that their financial aid will not be wasted but they know about our current situation. We are pursuing additional means to finding more fundsand will update you on any progress we have made if any.
Victim 16/06/2021, 17:25:34
If you can give us another offer that might be more possible for us, it may help us convince the banks to approve a loan, we are still working on getting their assistance.
Conti 16/06/2021, 17:56:23
We are ready to go down to $480k from our side. That's a huge step forward keeping in mind that our initial claim was already pretty low comparing to our usual demands.
Victim 16/06/2021, 18:37:42
We should be able to secure the loan approval today which would give us the 200k once its put together, we are also currently working on an additional source that could potentially give us around $256,000 that we would then convert into BTC if the the process does not fall through. We know this is lower than what you are demanding but we just really do not have the type of financial ability to come up with that much.
Conti 16/06/2021, 18:41:02
We are ready to accept $256k. I will provide the wallet for the payment a bit later today.
Victim 16/06/2021, 19:55:52
Ok, we will continue to work on getting those funds in our possession and converted into BTC. We will send it once we have your BTC wallet.
Conti 16/06/2021, 20:22:15
The wallet for the payment is : [redacted]
let me know once the transfer is made.
Victim 16/06/2021, 21:12:30
Thank you, we should have the funds soon hopefully. Once the payment is sent will you provide us with a list of the files that were taken, proof that they have been deleted as well as the decryption tool to restore all of our devices?
Conti 16/06/2021, 21:13:22
Yes, of course, you will be provide with all mentioned deliverables.
Victim 16/06/2021, 21:43:52
Thank you, could you also provide us with some details on how you got into our network after the payment is sent?
Conti 16/06/2021, 21:47:27
Yes, of course.
Conti 17/06/2021, 00:53:43
$256,000 amount is only valid if you pay today. You're running out of time
Victim 17/06/2021, 08:43:24
Did you received the payment ? we are still waiting for the keys
Conti 17/06/2021, 08:56:10
Yes. The payment is received. The decryption tool will be provided soon. Already processed the request to tech dept.
Conti 17/06/2021, 09:06:11
[redacted]_decryptor.exe [ 103kB ]
Conti 17/06/2021, 09:07:49
Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2
Victim 17/06/2021, 14:49:50
Hello can you please share with us the rest of deliverables 1) file tree of the data you took 2) proof that it has been deleted 3)Security report
Conti 18/06/2021, 01:29:16
You have been breached through the email phishing campaign. The overall security score is 2 out of 5.
Our recommendations will be :
1. Implement better email filtering policies
2. Implement tape-based backup hardware
3. Audit account access policies network wide
4. Rebuild the network using segmentation procedures
5. Implement better password policies
6. Block pass-the-hash and kerberoast attacks
7. Notify all your employees and security policies inside the company (opening email attachments, changing passwords, etc)
8. Buying better AV/EDR software
Conti 18/06/2021, 01:29:31
The other deliverables will be provided soon.
Conti 18/06/2021, 01:31:04
[redacted]-full-listing.7z [ 695kB ]
Victim 18/06/2021, 12:31:46
Can you also send us the wipe proof ?
Victim 18/06/2021, 16:44:59
Also can you share which user was phished/compromised initially?
Conti 18/06/2021, 17:03:14
Will do, but I am not sure if I will be able to find the initial compromised user right now, it's been pretty long time ago.
Conti 18/06/2021, 18:19:19
log_remove.7z [ 1.1MB ]

Auteur/autrice

sdgadmin@tux.ovh