Chat

Negotiation chat with different groups

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

  • 058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
  • 05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
  • 29BBE03074FDBB8D – 10 message(s) voir chat
  • 7A313D13EB6B4E58 – 32 message(s) voir chat
  • 89716D29D2CEE36F – 23 message(s) voir chat
  • AB0404E049514B50 – 28 message(s) voir chat
  • BD004D632D87DBA0 – 25 message(s) voir chat
  • C2A3C7249797F5ED – 66 message(s) voir chat
  • C42CDF65B97D0E92 – 30 message(s) voir chat
  • C7CD31EAAF9DE9AC – 71 message(s) voir chat
  • C8479B30418B331E – 4 message(s) voir chat
  • D6DDD9B26D7D41DB – 14 message(s) voir chat
  • FDA8141B6DD392E3 – 10 message(s) voir chat
  • b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

  • 20240429 – 3 message(s) voir chat
  • 20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Victim 20:15
Hello,

As per the file tree structure you have provided us, we would like the 3-files listed below to be decrypted (in their original format) and provided back to us as confirmation.

Below are the 3 files that we require in a decrypted format as confirmation.

1. Summons_Complaint_From_[redacted].pdf

2. 3450_Disbursement_Invoice_[redacted].csv.done

3. 15-01-12 MED MAL CASES FROM [redacted].docx
Black Basta 21:08
Download file: [redacted].zip
Victim 01:14
We are a small business, we have been hit hard due to the economic downturn, and the pandemic.

We can only afford to pay you $77,500 USD; this is all we have at the moment.

We just don’t have that kind of money you are asking from us.

We would like to settle soon, let's come to an agreement.
Black Basta 03:41
This is too small and not at all interesting to me. If we move so slowly, we will come to the publication of your data and the destruction of your small business. Make me a worthy offer.
Victim 17:55
As mentioned, we only have $77,500 USD.

We are actively working with our banker to secure a loan to pay you.

After speaking to senior management and our banker, we can secure an additional $47,500 USD.

We are able to offer you $125,000 USD.

How can we make payment? Please provide us with instructions so we can move forward quickly.
Black Basta 17:57
This offer is better. We also can step towards you and lower the price by 100,000. Now your price is 500,000.
Black Basta 18:06
We are always ready to give some discount to an adequate people.
Victim 22:28
We are moving as quickly as we can and you mentioned a 20% discount earlier which is $480,000 USD.

After speaking with our banker and senior management, we can pay $125,000.

We are moving as fast as possible but we cannot afford to pay you the $480,000 USD that you are asking for.

We can offer you $125,000 in exchange for the decryption key, proof of deletion and a security report, and we can work on a payment if you provide us with instructions.
Black Basta 05:55
I will repeat once again that this amount does not suit us and 20% discount we give you if you pay ASAP. You took a step and we made the discount $100k, this is significant. Now we are waiting for the best offer from you to satisfy the both sides and close the deal.
Victim 17:16
We have spoken with senior management and our banker and can secure a total of $175,000 USD in exchange for the decryption key, proof of deletion and a security report.

As I mentioned before, we are a small business and have been hit hard by the economic downturn and the pandemic, but were able to secure loans for this amount.

Today is a holiday but we are able to pay these funds quickly. We can start working on payment if you provide us with instructions.
Black Basta 17:22
This offer is better. However, as I said before - this is a thoroughly calculated price that includes a full list of services we mentioned before, security audit and a decryptor.
We have examined your data and documentation and have no reasons to set the price higher than you can pay. If you can pay 175,000 within the holidays, I think you'll easily find 450,000.
Victim 21:42
Yes, we are doing our best to ensure we can settle fast in exchange for our decryption keys, proof of deletion and security report.



We were able to secure $175,000 USD to pay you.



My boss has agreed to contribute the cash from his personal account $41,250 USD.



This will total to $216,250 USD.



Let’s make this work for all of us and we can start working on payment.



Please send me payment details so we can make payment as this is all new to us.
Black Basta 22:15
Yes, we see your steps forward and go to meet you. But our services and your data are more expensive, like your reputation. Stories of diseases of your customers, mental state, etc. - their most deep secrets. Their disclosure will bring many problems of your company. But we understand your situation and therefore make you an additional discount. Our price is $400к.
Victim 18:25
We are working with our banker and arranging personal contributions from individuals within the business.

My boss and his partners have all contributed additional funds from their personal accounts.

You need to understand that we are a small business and we do not have that kind of money to pay you.

Let’s move forward and settle for $239,125 USD.

We will require more time to secure a payment. We will need an extension on the timer.

I am waiting for payment instructions, let’s move quickly.
Black Basta 19:51
We give you a last discount. Now your price is 350,000
Black Basta 19:51
We won't lower the price further. It is almost 50% discount.
Black Basta 17:34
Hi, any news?
Timer is going, so please don't lose the time!
Victim 19:13
A 50% discount, approximately $300,000 USD is very helpful.

My boss and his partners are able to contribute funds to the above offer and settle for $285,125 USD.


This is the maximum loan; we are able to secure the bank and funds from our personal account.

Also note that we are entering into a weekend, banks are closed. We will require more time to secure this amount and transfer funds to you.

We will need an extension on the timer.

If you agree to settle for $285,125 USD, please also confirm that you will provide us with a decryptor to unlock all systems and you will delete all files of your servers and provide a receipt of deletion?

I am waiting for payment instructions, let’s move quickly.
Black Basta 19:28
We agree on 300,000 USD. 50% discount.
We know that banks are closed on the weekend, so prolong a timer till Tuesday.
BTC Wallet: [redacted]

Also we confirm that after the payment you will receive a decryptor to unlock all systems and we will delete all files from our servers and provide a receipt of deletion.
Victim 00:09
My boss and his partners have agreed to pay $300,000 USD.

Monday morning, we will be reaching out to our bank to establish our loan and get the funds. Please note these things take time and we are moving as quickly as possible.

You have provided us with what seems to be a Bitcoin Wallet Address, is this correct?

We are not familiar with how Bitcoin works and how to acquire bitcoins for the amount you are asking.

Are you able to provide any instruction on what is the best way for us to purchase bitcoins?

We are doing some research on which exchanges to use, do you have any recommendations?
Black Basta 03:37
Yes, we have provided the wallet address above. You can buy bitcoin on any crypto exchange, binance (https://www.binance.com) or coinbase (https://www.coinbase.com), or contact a broker in your country.
Victim 04:41
Not sure if you got my last message.
Victim 04:41
My boss and his partners have agreed to pay $300,000 USD.
Monday morning, we will be reaching out to our bank to establish our loan and get the funds. Please note these things take time and we are moving as quickly as possible.
You have provided us with what seems to be a Bitcoin Wallet Address, is this correct?
We are not familiar with how Bitcoin works and how to acquire bitcoins for the amount you are asking.
Are you able to provide any instruction on what is the best way for us to purchase bitcoins?
We are doing some research on which exchanges to use, do you have any recommendations?
Victim 04:42
We are looking into binance.com and coinbase.
Black Basta 05:49
You are right. Please use google to check exchanges available in your location. It is a bitcoin address. Inform us when the payment will be sent.
Black Basta 12:29
Hi, any success?
Black Basta 17:15
We confirm the test payment 0.00005000 BTC
Black Basta 17:23
Test amount received
Victim 23:14
Hi, I wanted to confirm if you have received test payment. https://www.blockchain.com/btc/tx/[redacted]
Victim 23:14
0.00005000 BTC (This seems correct) ?
Black Basta 03:13
Yes
Black Basta 21:25
Sir, 1,5 hours left. What about the main part of the payment?
Victim 21:49
We are preparing to transfer the payment to your wallet. Please give us more time.
Victim 21:49
We are new to this so please be patience with us.
Victim 21:51
Also, after receiving payment how fast would you make the decryptors for download? Also we will need a receipt of complete data deletion.
Black Basta 21:58
You will receive the decryptor and manual within an hour after the payment. You will receive the log of removing your data later, as it will take some time. Also we will extend the timer for you for 24 hours.
Victim 23:01
Payment has been made in full. Please confirm receipt?
Victim 23:01
https://www.blockchain.com/btc/tx/[redacted]
Victim 23:01
https://www.blockchain.com/btc/tx/[redacted]
Black Basta 03:14
We confirm the payment!
Black Basta 03:14
Your blog was deleted.
Black Basta 03:15
Now your data is wiping. The decrypt tool you will get very soon.
Black Basta 06:28
Download file: [redacted].linux
Black Basta 06:28
Download file: [redacted].ex
Black Basta 06:29
How to decrypt linux?
1. Drop executable via ftp/sftp/wget to any folder.
2. Add rights to the new file: chmod +x ./decrypt_executable
3. Just run it: nohup ./decrypt_executable > log.txt &
4. Wait until you see smth like "Done" in file "log.txt".

How to decrypt windows?
1. Drop executable to any folder.
2. Start new terminal session with administrator rights. (run cmd.exe or powershell.exe with admin rights)
3.1. In cmd.exe type full path to the executable file and press Enter.
3.2. In powershell.exe type: "& c:\full\path\to\executable.exe" without quotes and press Enter.

OR

1. Drop file.
2. Click right mouse button on the file and press run as admin.


(!) IMPORTANT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1. DO NOT CLOSE decryptor yourself, DO NOT INTERRUPT!
2. Yoy can decrypt only 1 folder (test decrypt for example)
decrypt.exe -forcepath c:\users\1\Desktop\folder
Black Basta 06:49
Download file: [redacted].zip
Black Basta 06:50
This is log of deletion all your taken data. Now we have nothing.
Black Basta 06:50
Security report and recommendation:
Your network has been compromised by mailing of messages to the emails with malicious attachments.
One of the users launched malware.
To avoid this in the future, give you recommendations of network protection:
1. Use sandbox to analyze the contents of letters and their attachments.
2. Use the password security policies
3. Make protection from attack like a Pass-the-Hash and Pass-the-ticket attack
4. Update all OS and software to the latest versions, especially Microsoft Defender Antivirus.
5. Implement the hardware firewalls with filtering policies, modern DLP and IDS, SIEM systems.
6. Block kerberoasting attacks
7. Conduct full penetrations tests and audit
8. Use and update Anti-virus/anti-malware and malicious traffic detection software
9. Configure group policies, disable the default administrators accounts, create new accounts.
10. Backups. You must have offline backups, does not have access to the network.
Victim 15:55
Thank you. I will follow the instructions and get back to you if we have any questions.
Black Basta 15:55
Sure, we are in touch!

Auteur/autrice

sdgadmin@tux.ovh