Chat – Stéphane De Greef

juin 12, 2025
0

Negotiation chat with different groups

Akira

20230529 – 7 message(s) voir chat
20230606 – 13 message(s) voir chat
20230616 – 80 message(s) voir chat
20230628 – 5 message(s) voir chat
20230707 – 37 message(s) voir chat
20230719 – 4 message(s) voir chat
20230722 – 9 message(s) voir chat
20230727 – 72 message(s) voir chat
20230728 – 5 message(s) voir chat
20230815 – 84 message(s) voir chat
20230929 – 58 message(s) voir chat
20231112 – 58 message(s) voir chat
20231115 – 81 message(s) voir chat
20231209 – 112 message(s) voir chat
20231217 – 67 message(s) voir chat
20231227 – 74 message(s) voir chat
20240127 – 41 message(s) voir chat
20240129 – 70 message(s) voir chat
20240131 – 75 message(s) voir chat
20240201 – 40 message(s) voir chat
20240301 – 43 message(s) voir chat
20240317 – 8 message(s) voir chat
20240329 – 65 message(s) voir chat
20240410 – 16 message(s) voir chat
20240424 – 70 message(s) voir chat
20240509 – 170 message(s) voir chat
20240531 – 55 message(s) voir chat
20240611 – 50 message(s) voir chat
20240618 – 53 message(s) voir chat
20240620 – 7 message(s) voir chat
20240718 – 105 message(s) voir chat
20240719 – 6 message(s) voir chat
20240723 – 43 message(s) voir chat
20240803 – 34 message(s) voir chat
20250104 – 13 message(s) voir chat
20250108 – 10 message(s) voir chat
20250110 – 7 message(s) voir chat
20250112 – 44 message(s) voir chat
20250117 – 70 message(s) voir chat
20250120 – 7 message(s) voir chat
20250121 – 26 message(s) voir chat
20250125 – 9 message(s) voir chat
20250216 – 14 message(s) voir chat
20250217 – 13 message(s) voir chat
20250222 – 72 message(s) voir chat
20250227 – 56 message(s) voir chat
20250306 – 9 message(s) voir chat
20250310 – 24 message(s) voir chat
20250312 – 20 message(s) voir chat
20250313 – 43 message(s) voir chat
20250321 – 25 message(s) voir chat
20250328 – 39 message(s) voir chat
20250330 – 15 message(s) voir chat
20250331 – 6 message(s) voir chat
20250408 – 12 message(s) voir chat
20250417 – 59 message(s) voir chat
20250423 – 65 message(s) voir chat
20250424 – 12 message(s) voir chat
20250425 – 6 message(s) voir chat
20250425b – 15 message(s) voir chat

Avaddon

20210112 – 25 message(s) voir chat
20210324 – 73 message(s) voir chat
20210430 – 103 message(s) voir chat
20210512 – 35 message(s) voir chat
20210518 – 17 message(s) voir chat
20210518_2 – 24 message(s) voir chat
20210518_3 – 103 message(s) voir chat

Avos

20210903 – 86 message(s) voir chat

Babuk

20210203 – 106 message(s) voir chat
20210428 – 44 message(s) voir chat

BlackBasta

20221011 – 50 message(s) voir chat
20221229 – 50 message(s) voir chat
20230410 – 57 message(s) voir chat
20230501 – 50 message(s) voir chat
20240814 – 50 message(s) voir chat

BlackMatter

20210829 – 44 message(s) voir chat
20210907 – 77 message(s) voir chat

Cloak

20230802-2 – 66 message(s) voir chat
20230802 – 54 message(s) voir chat

Conti

20201017 – 78 message(s) voir chat
20201019 – 9 message(s) voir chat
20201109 – 255 message(s) voir chat
20201121 – 6 message(s) voir chat
20201230 – 146 message(s) voir chat
20210107 – 139 message(s) voir chat
20210126 – 9 message(s) voir chat
20210219 – 12 message(s) voir chat
20210305 – 45 message(s) voir chat
20210315 – 49 message(s) voir chat
20210316 – 63 message(s) voir chat
20210426 – 12 message(s) voir chat
20210428 – 13 message(s) voir chat
20210513 – 78 message(s) voir chat
20210517 – 56 message(s) voir chat
20210517_b – 69 message(s) voir chat
20210520 – 101 message(s) voir chat
20210602 – 81 message(s) voir chat
20210611 – 48 message(s) voir chat
20210628 – 34 message(s) voir chat
20210708 – 25 message(s) voir chat
20210715 – 10 message(s) voir chat
20210805 – 47 message(s) voir chat
20210812 – 46 message(s) voir chat
20210820 – 50 message(s) voir chat
20210902 – 43 message(s) voir chat
20210904 – 17 message(s) voir chat
20210923 – 14 message(s) voir chat
20211108 – 32 message(s) voir chat
20211112 – 32 message(s) voir chat
20211205 – 63 message(s) voir chat
20211217 – 27 message(s) voir chat

Darkside

20200811 – 85 message(s) voir chat
20201115 – 243 message(s) voir chat
20210215 – 24 message(s) voir chat
20210413 – 63 message(s) voir chat
20210418 – 10 message(s) voir chat

Dragonforce

058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
29BBE03074FDBB8D – 10 message(s) voir chat
7A313D13EB6B4E58 – 32 message(s) voir chat
89716D29D2CEE36F – 23 message(s) voir chat
AB0404E049514B50 – 28 message(s) voir chat
BD004D632D87DBA0 – 25 message(s) voir chat
C2A3C7249797F5ED – 66 message(s) voir chat
C42CDF65B97D0E92 – 30 message(s) voir chat
C7CD31EAAF9DE9AC – 71 message(s) voir chat
C8479B30418B331E – 4 message(s) voir chat
D6DDD9B26D7D41DB – 14 message(s) voir chat
FDA8141B6DD392E3 – 10 message(s) voir chat
b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

20211004 – 70 message(s) voir chat
20211005 – 19 message(s) voir chat
20211026 – 46 message(s) voir chat
20211102 – 58 message(s) voir chat
20211113 – 136 message(s) voir chat
20211126 – 4 message(s) voir chat
20211213 – 15 message(s) voir chat
20211220 – 24 message(s) voir chat

Hunters International

20240510 – 29 message(s) voir chat

Mallox

20230427 – 62 message(s) voir chat
20230529 – 29 message(s) voir chat
20230530 – 17 message(s) voir chat

NoEscape

20230911 – 6 message(s) voir chat
20230912 – 4 message(s) voir chat

Pear

20250720 – 42 message(s) voir chat

Qilin

20240429 – 3 message(s) voir chat
20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

20201014 – 72 message(s) voir chat
20201104 – 63 message(s) voir chat
20201126 – 79 message(s) voir chat
20210320 – 13 message(s) voir chat
20210329 – 43 message(s) voir chat
20210331 – 23 message(s) voir chat
20210401 – 78 message(s) voir chat
20210407 – 15 message(s) voir chat
20210413 – 156 message(s) voir chat
20210603 – 63 message(s) voir chat
20210604 – 10 message(s) voir chat
20210609 – 58 message(s) voir chat
20210613 – 132 message(s) voir chat
20210616 – 31 message(s) voir chat
20210617 – 67 message(s) voir chat
20210622 – 52 message(s) voir chat
20210628 – 39 message(s) voir chat
20210630 – 42 message(s) voir chat
20210708 – 28 message(s) voir chat
20210709 – 1 message(s) voir chat

RansomHub

20240810 – 1 message(s) voir chat

Ranzy

20201015 – 36 message(s) voir chat
20210223 – 20 message(s) voir chat

RunSomeWares

20250411 – 27 message(s) voir chat

fog

20240517 – 27 message(s) voir chat
20240729 – 144 message(s) voir chat
20240830 – 73 message(s) voir chat
20240910 – 26 message(s) voir chat
20240927 – 60 message(s) voir chat
20241119 – 3 message(s) voir chat

lockbit3.0

**************************149576 – 17 message(s) voir chat
Leaked2025-ClientID-124 – 55 message(s) voir chat
Leaked2025-ClientID-154 – 137 message(s) voir chat
Leaked2025-ClientID-206 – 4 message(s) voir chat
Leaked2025-ClientID-36 – 55 message(s) voir chat
aguasdoporto_pt – 3 message(s) voir chat
bakkerheftrucks_com – 27 message(s) voir chat
bankbsi_co_id – 27 message(s) voir chat
chsf_fr – 42 message(s) voir chat
colonialgeneral_com – 25 message(s) voir chat
continental_com – 37 message(s) voir chat
datair_com – 106 message(s) voir chat
emunworks_com – 8 message(s) voir chat
entrust_com – 29 message(s) voir chat
gavresorts_com_br – 6 message(s) voir chat
genusplc_com – 34 message(s) voir chat
gocontec_com – 52 message(s) voir chat
guardiananalytics_com – 27 message(s) voir chat
hgc_com_hk – 8 message(s) voir chat
kaycan_com – 94 message(s) voir chat
lapostemobile_fr – 93 message(s) voir chat
millennia_pro – 43 message(s) voir chat
myerspower_com – 99 message(s) voir chat
newbridge_org – 70 message(s) voir chat
nicklaus_com – 43 message(s) voir chat
okcu_edu – 56 message(s) voir chat
omscomponents_it – 66 message(s) voir chat
plasticproductsco_com – 28 message(s) voir chat
porcelanosa-usa_com – 8 message(s) voir chat
preflooring_com – 17 message(s) voir chat
psenergy_com – 25 message(s) voir chat
qsi-q3_de – 20 message(s) voir chat
royalmailgroup_com – 103 message(s) voir chat
samyang_com – 237 message(s) voir chat
scohil_com – 29 message(s) voir chat
sirva_com – 78 message(s) voir chat
software-line_it – 30 message(s) voir chat
tapcocu_org – 215 message(s) voir chat
vitalityhp_net – 73 message(s) voir chat
vsainc_com – 21 message(s) voir chat
wabteccorp_com – 39 message(s) voir chat
wcinet_com – 34 message(s) voir chat

mount-locker

20201016 – 60 message(s) voir chat

trinity

0001 – 2 message(s) voir chat
0002 – 52 message(s) voir chat
0003 – 298 message(s) voir chat
0004 – 170 message(s) voir chat
0005 – 14 message(s) voir chat
0006 – 11 message(s) voir chat
0007 – 36 message(s) voir chat
0008 – 13 message(s) voir chat
0009 – 6 message(s) voir chat
0010 – 8 message(s) voir chat
0011 – 50 message(s) voir chat
0012 – 15 message(s) voir chat
0013 – 32 message(s) voir chat
0014 – 6 message(s) voir chat

Victim 12/08/2021, 19:03:07

Hello we found the read me note which brought us here.

Conti 13/08/2021, 04:26:43

This is ContiLocker Team.
Please, introduce yourself (Company name and your position) and we'll provide all necessary information.
Sometimes our staff is busy, but we will reply as soon as possible.
Be in touch, thank you

Victim 13/08/2021, 14:25:51

Hello, I'm with [redacted], one of the IT Engineers. Please do get back to us as soon as possible with the necessary information.

Conti 13/08/2021, 15:22:28

As you already know, we penetrated your network and were in it for over 2 weeks (enough to study all your documentation), encrypted your file servers, sql-servers, downloaded all important information weighing over 100 GB: personal data of customers, employees (home addresses, scans of personal documents, phone numbers), consolidated financial reports, studies, payrolls, bank statements.
The good news is, we're businessmen. We want a ransom for anything that needs to be kept secret, and we don't want to ruin your business.
The amount at which we are willing to go out on a limb for you and leave everything as collateral is $300,650. After payment, we will give you a tool to decrypt all your machines, a security report on how you were hacked, a file tree of what we downloaded from your network, and a log of the erasure of that information.

Victim 13/08/2021, 16:30:55

How do we know that you can decrypt our machines? Can you decrypt a few files first?

Conti 13/08/2021, 17:26:13

Yes, send 2-3 files to the chat room

Victim 13/08/2021, 17:31:41

IOS Mitel mobile.docx.[redacted] [ 3.8MB ]

Victim 13/08/2021, 17:31:53

[redacted] Logo.png.[redacted] [ 27kB ]

Victim 13/08/2021, 17:32:03

[redacted] Prompts.docx.[redacted] [ 17kB ]

Conti 13/08/2021, 20:39:48

IOS Mitel mobile.docx [ 3.8MB ]

Conti 13/08/2021, 20:39:55

[redacted] Logo.png [ 26kB ]

Conti 13/08/2021, 20:40:03

[redacted] Prompts.docx [ 17kB ]

Conti 15/08/2021, 01:11:13

On Tuesday, we will begin publishing and selling your data. You are only a small loss of profit for us.

Conti 15/08/2021, 01:13:39

50%.txt [ 5.7MB ]

Conti 15/08/2021, 01:15:41

You can look at the list, it has half the data we took.

Victim 16/08/2021, 02:10:11

Thank you for providing this. We will be back in touch on Monday

Conti 16/08/2021, 16:17:59

It is Monday already. We're waiting for your decision.

Victim 16/08/2021, 18:13:32

Hello, I am sorry we are a small school we are still discussing internally. Please give us some more time we want to continue a dialogue with you. We just need some more time to talk with our management team. Thank you

Conti 16/08/2021, 18:56:25

24 hours.

Victim 16/08/2021, 21:27:59

Please work with us here we are a small college who serves the under privileged. The amount you're asking is something we cannot pay.

Conti 16/08/2021, 21:49:57

We are here. Your offer?

Victim 17/08/2021, 01:28:12

We have $75,000 on hand that we could pay as soon as possible. Will you accept that?

Conti 17/08/2021, 16:01:17

$75,000?
Don't try to cheat us.
We have got a lot of your data and encrypted your system.
We have got a serious amount of your contracts and documentation.
We have the personal data of your employees.
We got a lot of information about your company from our pentest and OSINT departments.
And you are trying to offer us a bit more than the yearly salary of a regular manager?
This sum can cover only a part of the total amount we can get by selling your data and vulnerabilities on auctions.
Moreover, because we are now aware of your network structure, the next attack can be implemented in a short time.
It looks like you think we are stupid. Just a simple pentest on your company will cost about $40-50 thousand. And this is a price without stolen data.
You have one more chance to give us an adequate offer. Otherwise, we will raise the ransom amount.
We can only give you a small discount, if you decide to pay in 24 hours. Let your price be $250,000.

Victim 17/08/2021, 17:39:39

$250,000 is too much for us. We are talking internally to see if we can borrow or loan an additional amount which would give us $135,000. We are working to get this done as quickly as possible. Will you accept $135,000. We want to work with you, but please work with us.

Conti 17/08/2021, 18:10:45

Okay, this is closer to a good offer. We can accept $175,000 if payment will be provided in 2 days.

Victim 17/08/2021, 20:57:15

With the loan we are able to get a bit more and can pay $150,000. We can do this in 2 days or less. Please work with us here.

Conti 17/08/2021, 21:09:46

Okay. Here is Bitcoin address:
[redacted]

Conti 17/08/2021, 21:10:22

Conti 17/08/2021, 21:24:51

After this you will receive the decryption software and recommendations to avoid such an accidents in future.

Victim 17/08/2021, 21:34:43

Ok thank you I will let my management know and will keep you updated

Victim 17/08/2021, 21:35:47

Just to confirm that after payment we will receive the decryption tool that will work to decrypt all of the impacted files from your malware and we will also receive a full file tree and proof of deletion of our data?

Conti 17/08/2021, 21:36:16

Yes

Victim 18/08/2021, 21:49:56

We are working on the payment. Still waiting on the wire. We will still have it with in the two days. Thank you for your patience.

Conti 18/08/2021, 21:51:45

okay, we are waiting. Bitcoin address is actual; please be attentive, the address is case-sensitive.

Victim 18/08/2021, 23:59:06

Thank you and just to be clear this is the address we are to pay
[redacted]

Victim 19/08/2021, 01:01:56

Ok we made the payment. Can you please provide the tool, the full file listing and proof of deletion of files.

Conti 19/08/2021, 04:18:03

We will work on confirming your payment and after this will make sure that you get everything

Victim 19/08/2021, 14:04:21

Hello just checking in again. Please provide everything. Here is confirmation
https://blockstream.info/address/[redacted]

Conti 19/08/2021, 15:40:35

[redacted]_decryptor.exe [ 103kB ]

Conti 19/08/2021, 15:41:04

Decryptor:
1) Launch the decryptor under Administrative rights
2) Wait till the decryptor window is closed
3) if any of the files haven't changed the extension back to the original - repeat 1 and 2

Conti 19/08/2021, 19:24:37

Our advice to you. Put a server in the domain that will download daily updates from Microsoft. And once a week or twice a week, distribute updates from this server to all computers and servers on your network. Thus, in the future you will protect your network from known public vulnerabilities. Also install Black Carbon or Sentinel antivirus. Make it a rule to change all important passwords once a month.
You got a malware virus somewhere on the Internet. We used that tool and accessed your terminal. We received all necessary passwords from over there. The rest was easy.

Victim 19/08/2021, 20:41:10

Thank you. When will you provide the full file listing of data as well as the proof of deletion?

Conti 20/08/2021, 04:06:33

We are preparing your data for you. It's okay, we keep our word.

Victim 20/08/2021, 14:18:18

Thank you

Victim 22/08/2021, 17:00:43

Hello, just checking in on the data again

Conti 23/08/2021, 13:50:44

Mega.nz
[redacted]@protonmail.com
[redacted]