Chat – Stéphane De Greef

juin 12, 2025
0

Negotiation chat with different groups

Akira

20230529 – 7 message(s) voir chat
20230606 – 13 message(s) voir chat
20230616 – 80 message(s) voir chat
20230628 – 5 message(s) voir chat
20230707 – 37 message(s) voir chat
20230719 – 4 message(s) voir chat
20230722 – 9 message(s) voir chat
20230727 – 72 message(s) voir chat
20230728 – 5 message(s) voir chat
20230815 – 84 message(s) voir chat
20230929 – 58 message(s) voir chat
20231112 – 58 message(s) voir chat
20231115 – 81 message(s) voir chat
20231209 – 112 message(s) voir chat
20231217 – 67 message(s) voir chat
20231227 – 74 message(s) voir chat
20240127 – 41 message(s) voir chat
20240129 – 70 message(s) voir chat
20240131 – 75 message(s) voir chat
20240201 – 40 message(s) voir chat
20240301 – 43 message(s) voir chat
20240317 – 8 message(s) voir chat
20240329 – 65 message(s) voir chat
20240410 – 16 message(s) voir chat
20240424 – 70 message(s) voir chat
20240509 – 170 message(s) voir chat
20240531 – 55 message(s) voir chat
20240611 – 50 message(s) voir chat
20240618 – 53 message(s) voir chat
20240620 – 7 message(s) voir chat
20240718 – 105 message(s) voir chat
20240719 – 6 message(s) voir chat
20240723 – 43 message(s) voir chat
20240803 – 34 message(s) voir chat
20250104 – 13 message(s) voir chat
20250108 – 10 message(s) voir chat
20250110 – 7 message(s) voir chat
20250112 – 44 message(s) voir chat
20250117 – 70 message(s) voir chat
20250120 – 7 message(s) voir chat
20250121 – 26 message(s) voir chat
20250125 – 9 message(s) voir chat
20250216 – 14 message(s) voir chat
20250217 – 13 message(s) voir chat
20250222 – 72 message(s) voir chat
20250227 – 56 message(s) voir chat
20250306 – 9 message(s) voir chat
20250310 – 24 message(s) voir chat
20250312 – 20 message(s) voir chat
20250313 – 43 message(s) voir chat
20250321 – 25 message(s) voir chat
20250328 – 39 message(s) voir chat
20250330 – 15 message(s) voir chat
20250331 – 6 message(s) voir chat
20250408 – 12 message(s) voir chat
20250417 – 59 message(s) voir chat
20250423 – 65 message(s) voir chat
20250424 – 12 message(s) voir chat
20250425 – 6 message(s) voir chat
20250425b – 15 message(s) voir chat

Avaddon

20210112 – 25 message(s) voir chat
20210324 – 73 message(s) voir chat
20210430 – 103 message(s) voir chat
20210512 – 35 message(s) voir chat
20210518 – 17 message(s) voir chat
20210518_2 – 24 message(s) voir chat
20210518_3 – 103 message(s) voir chat

Avos

20210903 – 86 message(s) voir chat

Babuk

20210203 – 106 message(s) voir chat
20210428 – 44 message(s) voir chat

BlackBasta

20221011 – 50 message(s) voir chat
20221229 – 50 message(s) voir chat
20230410 – 57 message(s) voir chat
20230501 – 50 message(s) voir chat
20240814 – 50 message(s) voir chat

BlackMatter

20210829 – 44 message(s) voir chat
20210907 – 77 message(s) voir chat

Cloak

20230802-2 – 66 message(s) voir chat
20230802 – 54 message(s) voir chat

Conti

20201017 – 78 message(s) voir chat
20201019 – 9 message(s) voir chat
20201109 – 255 message(s) voir chat
20201121 – 6 message(s) voir chat
20201230 – 146 message(s) voir chat
20210107 – 139 message(s) voir chat
20210126 – 9 message(s) voir chat
20210219 – 12 message(s) voir chat
20210305 – 45 message(s) voir chat
20210315 – 49 message(s) voir chat
20210316 – 63 message(s) voir chat
20210426 – 12 message(s) voir chat
20210428 – 13 message(s) voir chat
20210513 – 78 message(s) voir chat
20210517 – 56 message(s) voir chat
20210517_b – 69 message(s) voir chat
20210520 – 101 message(s) voir chat
20210602 – 81 message(s) voir chat
20210611 – 48 message(s) voir chat
20210628 – 34 message(s) voir chat
20210708 – 25 message(s) voir chat
20210715 – 10 message(s) voir chat
20210805 – 47 message(s) voir chat
20210812 – 46 message(s) voir chat
20210820 – 50 message(s) voir chat
20210902 – 43 message(s) voir chat
20210904 – 17 message(s) voir chat
20210923 – 14 message(s) voir chat
20211108 – 32 message(s) voir chat
20211112 – 32 message(s) voir chat
20211205 – 63 message(s) voir chat
20211217 – 27 message(s) voir chat

Darkside

20200811 – 85 message(s) voir chat
20201115 – 243 message(s) voir chat
20210215 – 24 message(s) voir chat
20210413 – 63 message(s) voir chat
20210418 – 10 message(s) voir chat

Dragonforce

058f4b92-ae99-45c7-bf35-5d2d6754b3de – 19 message(s) voir chat
05f724f8-906e-4739-8177-815852cc2c3f – 29 message(s) voir chat
29BBE03074FDBB8D – 10 message(s) voir chat
7A313D13EB6B4E58 – 32 message(s) voir chat
89716D29D2CEE36F – 23 message(s) voir chat
AB0404E049514B50 – 28 message(s) voir chat
BD004D632D87DBA0 – 25 message(s) voir chat
C2A3C7249797F5ED – 66 message(s) voir chat
C42CDF65B97D0E92 – 30 message(s) voir chat
C7CD31EAAF9DE9AC – 71 message(s) voir chat
C8479B30418B331E – 4 message(s) voir chat
D6DDD9B26D7D41DB – 14 message(s) voir chat
FDA8141B6DD392E3 – 10 message(s) voir chat
b8e14e1a-548f-4eec-bd6e-a590126e57c9 – 14 message(s) voir chat

Hive

20211004 – 70 message(s) voir chat
20211005 – 19 message(s) voir chat
20211026 – 46 message(s) voir chat
20211102 – 58 message(s) voir chat
20211113 – 136 message(s) voir chat
20211126 – 4 message(s) voir chat
20211213 – 15 message(s) voir chat
20211220 – 24 message(s) voir chat

Hunters International

20240510 – 29 message(s) voir chat

Mallox

20230427 – 62 message(s) voir chat
20230529 – 29 message(s) voir chat
20230530 – 17 message(s) voir chat

NoEscape

20230911 – 6 message(s) voir chat
20230912 – 4 message(s) voir chat

Pear

20250720 – 42 message(s) voir chat

Qilin

20240429 – 3 message(s) voir chat
20250203 - from @RakeshKrish12 – 36 message(s) voir chat

REvil

20201014 – 72 message(s) voir chat
20201104 – 63 message(s) voir chat
20201126 – 79 message(s) voir chat
20210320 – 13 message(s) voir chat
20210329 – 43 message(s) voir chat
20210331 – 23 message(s) voir chat
20210401 – 78 message(s) voir chat
20210407 – 15 message(s) voir chat
20210413 – 156 message(s) voir chat
20210603 – 63 message(s) voir chat
20210604 – 10 message(s) voir chat
20210609 – 58 message(s) voir chat
20210613 – 132 message(s) voir chat
20210616 – 31 message(s) voir chat
20210617 – 67 message(s) voir chat
20210622 – 52 message(s) voir chat
20210628 – 39 message(s) voir chat
20210630 – 42 message(s) voir chat
20210708 – 28 message(s) voir chat
20210709 – 1 message(s) voir chat

RansomHub

20240810 – 1 message(s) voir chat

Ranzy

20201015 – 36 message(s) voir chat
20210223 – 20 message(s) voir chat

RunSomeWares

20250411 – 27 message(s) voir chat

fog

20240517 – 27 message(s) voir chat
20240729 – 144 message(s) voir chat
20240830 – 73 message(s) voir chat
20240910 – 26 message(s) voir chat
20240927 – 60 message(s) voir chat
20241119 – 3 message(s) voir chat

lockbit3.0

**************************149576 – 17 message(s) voir chat
Leaked2025-ClientID-124 – 55 message(s) voir chat
Leaked2025-ClientID-154 – 137 message(s) voir chat
Leaked2025-ClientID-206 – 4 message(s) voir chat
Leaked2025-ClientID-36 – 55 message(s) voir chat
aguasdoporto_pt – 3 message(s) voir chat
bakkerheftrucks_com – 27 message(s) voir chat
bankbsi_co_id – 27 message(s) voir chat
chsf_fr – 42 message(s) voir chat
colonialgeneral_com – 25 message(s) voir chat
continental_com – 37 message(s) voir chat
datair_com – 106 message(s) voir chat
emunworks_com – 8 message(s) voir chat
entrust_com – 29 message(s) voir chat
gavresorts_com_br – 6 message(s) voir chat
genusplc_com – 34 message(s) voir chat
gocontec_com – 52 message(s) voir chat
guardiananalytics_com – 27 message(s) voir chat
hgc_com_hk – 8 message(s) voir chat
kaycan_com – 94 message(s) voir chat
lapostemobile_fr – 93 message(s) voir chat
millennia_pro – 43 message(s) voir chat
myerspower_com – 99 message(s) voir chat
newbridge_org – 70 message(s) voir chat
nicklaus_com – 43 message(s) voir chat
okcu_edu – 56 message(s) voir chat
omscomponents_it – 66 message(s) voir chat
plasticproductsco_com – 28 message(s) voir chat
porcelanosa-usa_com – 8 message(s) voir chat
preflooring_com – 17 message(s) voir chat
psenergy_com – 25 message(s) voir chat
qsi-q3_de – 20 message(s) voir chat
royalmailgroup_com – 103 message(s) voir chat
samyang_com – 237 message(s) voir chat
scohil_com – 29 message(s) voir chat
sirva_com – 78 message(s) voir chat
software-line_it – 30 message(s) voir chat
tapcocu_org – 215 message(s) voir chat
vitalityhp_net – 73 message(s) voir chat
vsainc_com – 21 message(s) voir chat
wabteccorp_com – 39 message(s) voir chat
wcinet_com – 34 message(s) voir chat

mount-locker

20201016 – 60 message(s) voir chat

trinity

0001 – 2 message(s) voir chat
0002 – 52 message(s) voir chat
0003 – 298 message(s) voir chat
0004 – 170 message(s) voir chat
0005 – 14 message(s) voir chat
0006 – 11 message(s) voir chat
0007 – 36 message(s) voir chat
0008 – 13 message(s) voir chat
0009 – 6 message(s) voir chat
0010 – 8 message(s) voir chat
0011 – 50 message(s) voir chat
0012 – 15 message(s) voir chat
0013 – 32 message(s) voir chat
0014 – 6 message(s) voir chat

Victim 17:29

Our managers just told me they are meeting about this situation and how to pay you. They are asking if you can give us a list of the data you took. Can you please give a list of the files you downloaded?

Black Basta 17:32

Sure, wait please.

Black Basta 17:39

Download file: [redacted].zip

Black Basta 17:41

This is the full list of your taken data. You can choose any 3 file names from list and I will send them to you, like a proof. But these files must not contain the important information.

Victim 14:49

Thank you very much!

Black Basta 14:52

We wait your files.

Victim 12:38

Here are the three files:

Victim 12:38

Company/_SALES AND MARKETING/1_Client Services/1_Account Management/[redacted]/2020/[redacted] Data Transfer Agreement [redacted] - signed.pdf

HR/Employee Files/Current Employees/[redacted]/[redacted] SIGNED.pdf

Company/_SALES AND MARKETING/1_Client Services/Contracts/[redacted] Contract/[redacted] partner agreement.pdf

Black Basta 05:10

OK, wait please.

Black Basta 05:15

Download file: [redacted].zip

Black Basta 05:15

These are your requested files.

Victim 10:48

Thank you. I will give these files to my manager.

Black Basta 10:49

We'll be in touch.

Victim 23:19

They asked me today if you will give us some kind of proof when you delete the files? Also, they asked what is the method to pay you? Is it wire transfer? They will have a meeting tomorrow with the executives, so they are asking these questions. Thank you.

Black Basta 03:24

After deleting files, we will send you a full deletion log. As for the payment, - we accept the payment in cryptocurrency bitcoin.

Victim 16:42

Okay, thank you. They have another question about the payment. When you said $700,000, did you mean Canadian dollars? They just want to be sure since our company in in Canada, not in the USA.

Black Basta 16:45

No, we mean US Dollars.

Victim 04:57

Okay. Our executives have analyzed everything with the information you provided. They told me to tell you that they can agree to pay $250,000 US dollars within 24 hours if you can accept that amount.

Black Basta 05:44

No, we don't agree. Our price is $700,000 ,but we can give you 20% discount if you pay during 48 hours. If you don't pay for this time, then the price will become initial.

Victim 00:34

Hello. Our company leadership has been working to meet your demand. We are now able to pay you $500,000 US dollars, but we have to pay a lot of money for the conversion from Canadian dollars to US dollars. We also checked on how to send the payment and we have to pay a large fee for sending the bitcoin.

Victim 00:36

Can you please accept the payment as $500,000 US dollars? That way, we still have some money to pay the fees for conversion and for the bitcoin? Thank you.

Victim 01:52

Also, if you accept this, please send us the wallet address for the bitcoin payment. We already have the company to send the payment but they asked us for the bitcoin address. Thank you.

Black Basta 06:48

OK, we agree. After payment:
1. You receive decryptors.
2. Your page will be totally deleted from the blog.
3. ALL your data will be deleted and you will receive the full deletion log.
4. You will get penetration report and recommendations how to avoid such the situations in the future.
5. You receive the guarantee that BB or anyone of our team will not NEVER attack you again.
Our BTC wallet: [redacted]

Victim 11:10

Okay, thank you! We will work to send the payment quickly today.

Black Basta 11:11

We'll be in touch.

Victim 22:53

Hello. We have everything ready to send the payment to you now, but our executives would like to send a small payment first so you can verify that you received it. Then, we can send the rest. They are just nervous about using bitcoin for the first time.

Victim 22:54

is it okay to send you the small payment first and then send the rest right after you tell us you received it?

Victim 23:16

also, please verify the wallet address again as: [redacted]

Black Basta 00:45

Just a minute

Black Basta 00:46

We confirm this address [redacted]

Black Basta 00:56

We are waiting your test payment

Victim 01:10

thank you. will we be able to send the second payment to the same address? I mean both payments will go to the same wallet?

Black Basta 01:11

Yes

Victim 01:12

thanks.

Victim 01:19

The company doing the payment for us just told me they are sending 0.43 BTC now as the test payment.

Victim 01:24

Please confirm when you receive it.

Black Basta 01:34

Confirm 0.43000000 BTC

Victim 01:38

thank you.

Black Basta 03:06

Payment received.
Your blog was deleted. Now your data is wiping.

Black Basta 03:23

Download file: [redacted].rar

Black Basta 03:24

This is log of deletion all your taken data.

Black Basta 03:24

Security report and recommendation:
Your network has been compromised by mailing of messages to the emails with malicious attachments.
One of the users launched malware.
To avoid this in the future, give you recommendations of network protection:
1. Use sandbox to analyze the contents of letters and their attachments.
2. Use the password security policies
3. Make protection from attack like a Pass-the-Hash and Pass-the-ticket attack
4. Update all OS and software to the latest versions, especially Microsoft Defender Antivirus.
5. Implement the hardware firewalls with filtering policies, modern DLP and IDS, SIEM systems.
6. Block kerberoasting attacks
7. Conduct full penetrations tests and audit
8. Use and update Anti-virus/anti-malware and malicious traffic detection software
9. Configure group policies, disable the default administrators accounts, create new accounts.
10. Backups. You must have offline backups, does not have access to the network.

Victim 03:33

thank you for the fast response. when can we get the decryptor?

Black Basta 03:33

Very soon.

Black Basta 03:34

Now is preparing decryption tools.

Victim 03:34

thank you

Black Basta 06:53

Download file: [redacted].exe

Black Basta 06:54

How to decrypt windows?
1. Drop executable to any folder.
2. Start new terminal session with administrator rights. (run cmd.exe or powershell.exe with admin rights)
3.1. In cmd.exe type full path to the executable file and press Enter.
3.2. In powershell.exe type: "& c:\full\path\to\executable.exe" without quotes and press Enter.

OR

1. Drop file.
2. Click right mouse button on the file and press run as admin.

(!) IMPORTANT
1. Yoy can decrypt only 1 folder (test decrypt for example)
decrypt.exe -forcepath c:\users\1\Desktop\folder
2. DO NOT CLOSE decryptor yourself

OR

1. Drop file.
2. Click right mouse button on the file and press run as admin.

(!!!!!!!) IMPORTANT
1. You can decrypt only 1 folder (test decrypt for example)
decrypt.exe -forcepath c:\users\1\Desktop\folder
2. DO NOT CLOSE decryptor yourself.

Victim 12:20

thank you

Victim 16:39

Thank you. the decryption is working on our test files. Is it possible for you to tell us which employee opened the attachment file in the email? either the employee name or the name of the computer? That would help us very much. Thank you again.

Akira

Avaddon

Avos

Babuk

BlackBasta

BlackMatter

Cloak

Conti

Darkside

Dragonforce

Hive

Hunters International

Mallox

NoEscape

Pear

Qilin

REvil

RansomHub

Ranzy

RunSomeWares

fog

lockbit3.0

mount-locker

trinity

Auteur/autrice