Chat
Negotiation chat with different groups
victim Friday, 27 September 2024 13:24:06
Hello, we found several of our systems encrypted with your ransomware. Can we talk about resolving this?
fog Friday, 27 September 2024 14:06:37
hi
fog Friday, 27 September 2024 14:07:03
I will give you details soon and we will talk
fog Friday, 27 September 2024 14:15:28
[provides a compressed RAR files list]
this is what's been taken
victim Friday, 27 September 2024 16:36:06
We will need some time to take a look at this. In the meantime how would we get our systems decrypted?
fog Friday, 27 September 2024 22:14:03
when you pay you receive decrypter to fix your systems
fog Friday, 27 September 2024 22:14:25
I will tell you the price for decrypter soon
victim Sunday, 29 September 2024 19:12:47
How much would the decrypter cost? Can you confirm that our files would be deleted from your servers and that you will not publish our name or share the data?
fog Sunday, 29 September 2024 20:55:39
yes I can confirm your files will be deleted and your name will not be published
fog Sunday, 29 September 2024 20:56:09
I will tell you price soon
fog Tuesday, 01 October 2024 11:24:46
If you want your data fully decrypted and the files we stole removed from our source, you will have to pay a fee. We will also be able to provide a security report and explain how we did it to get in. The bosses are demanding $800,000 for said services.
fog Wednesday, 02 October 2024 12:47:10
Do we work?
victim Wednesday, 02 October 2024 15:17:22
$800,000 is too high. We are looking to reach an agreement and can offer $150,000 to get this finished quickly.
fog Wednesday, 02 October 2024 15:47:34
There's no way we're going to agree to that amount. I don't think we can even give you a $150,000 discount. our demand is more than reasonable in your case. I will talk to the bosses
fog Wednesday, 02 October 2024 20:15:53
bosses agreed to take 715k for everything
victim Thursday, 03 October 2024 16:10:09
How do we know the decrypter will work? Could you decrypt some files for us so we can be sure this will work on our systems
fog Thursday, 03 October 2024 16:13:58
yes
fog Thursday, 03 October 2024 16:16:09
give me a few
victim Admin 18:46:52
[provides a zip archive of files to decrypt]
there are a few small encrypted files in here
fog Friday, 04 October 2024 08:16:51
give me some time
fog Friday, 04 October 2024 09:57:54
[provides 5 decrypted files]
victim Saturday, 05 October 2024 13:54:06
Thank you. Our business isn't doing as well as we used to and we don't have insurance to cover this. We can't afford anywhere near that amount. We would still like to resolve this, but it needs to be close to our previous offer
fog Saturday, 05 October 2024 16:35:23
I can't close the case at your previous offer
fog Saturday, 05 October 2024 16:36:35
you need to add something to your offer
victim Monday, 07 October 2024 10:39:33
Cash is really tight for us, we are doing all we can but can only raise our offer to $175,000.
fog Monday, 07 October 2024 11:30:12
I talked to the bosses. $500,000 and we can end this today. I don't think that you will get any better deal
victim Tuesday, 08 October 2024 15:27:22
We simply cannot afford that. We have rebuilt most of our systems without the decrypter. Can we agree at $200,000 today?
fog Tuesday, 08 October 2024 16:09:59
bosses agree to take 350k today
fog Tuesday, 08 October 2024 16:10:24
this is the best bet price for the situation
fog Tuesday, 08 October 2024 16:10:51
tell me when ready to make payment
fog Tuesday, 08 October 2024 22:09:49
just take one last step, and we'll put this behind us.
fog Tuesday, 08 October 2024 22:14:01
bosses can take one last step and decrease to 300k. the wallet is [redacted]
fog Wednesday, 09 October 2024 19:05:01
hi
fog Wednesday, 09 October 2024 19:05:12
are you leaving me?
fog Wednesday, 09 October 2024 19:06:14
tell me should I wait the money today or what
fog Thursday, 10 October 2024 11:40:41
I need your decision guys.
fog Thursday, 10 October 2024 11:40:56
this week we have to close your case
victim Thursday, 10 October 2024 16:40:18
We can't go that high, we can offer $225,000
fog Thursday, 10 October 2024 18:42:18
I can't take 225k
fog Thursday, 10 October 2024 18:43:06
confirm 250k to me and I will make my bosses take the offer 250k
fog Thursday, 10 October 2024 18:43:25
we can do that today only
fog Friday, 11 October 2024 12:00:52
hello. what is your decision?
victim Friday, 11 October 2024 14:52:25
ok we will pay $250,0000, can you confirm you will provide a decrypter and you will delete all our data? We will need some time to arrange the payment
fog Friday, 11 October 2024 15:48:03
I can confirm that you will receive the .exe files that you will need to run on your systems (win or esxi) to decrypt your files. We guarantee that you will be able to recover all the encrypted data. We will give you a deletion log file which means the files we stole were removed from our source.
fog Friday, 11 October 2024 15:49:09
Please let me know when the money has been sent
fog Saturday, 12 October 2024 10:15:05
hi
fog Saturday, 12 October 2024 10:15:34
can you tell me when are you going to make payment?
victim Monday, 14 October 2024 18:36:15
we are sending a small amount to check it works ok. Can you confirm when you receive it?
fog Monday, 14 October 2024 18:58:26
yes send please
fog Monday, 14 October 2024 20:46:27
I received 0.0001 btc. you can send the full amount now
victim Tuesday, 15 October 2024 14:53:17
we are arranging the bitcoin for the full amount and will let you know when we are making the payment
fog Tuesday, 15 October 2024 15:03:10
waiting, thanks
victim Tuesday, 15 October 2024 17:27:42
we've sent the payment
fog Admin 18:20:08
[provides the decryptor in a 7zip compressed file]
Windows
unlocker.exe -nomutex -console -target \\SERVER\C$
unlocker.exe -nomutex -console -target C:\
Esxi \ LINUX
chmod +x unlocker_key
./unlocker_key --id [redacted] --log --target "/vmfs/volumes/"
victim Monday, 21 October 2024 09:51:08
Hi, we are working through recovering our systems but we cannot access our domain controller as you have changed the administrator password. Please could you tell us what the password for the domain administrator account was changed to?
fog Monday, 21 October 2024 09:56:03
all domain admins passwords "gotochatplease"
victim Wednesday, 30 October 2024 09:17:47
Can you still provide us a report on how you got access into our network? Also can you confirm you have deleted all our data now?
fog Wednesday, 30 October 2024 10:07:59
I will tell you soon
victim Monday, 04 November 2024 09:10:19
Do you have any update please?
fog Monday, 04 November 2024 10:14:29
Your data has been deleted. Access to your network was gained through a phishing mail. Your staff should be more vigilant when downloading and opening unfamiliar files. We recommend that you implement the following measures to protect your corporate network:
1) Enforce passwords on local and domain admins. Complicate group policy on passwords for all users;
2) Using the group "Protected users";
3) Use centralised management of antivirus protection;
4) Inform users not to open suspicious emails and files;
5) Updating software and OS to current versions;
6) Set up permission delegations in the Active Directory;
7) Install an application to monitor activity in the Active Directory;
8) Use Vmware Esxi ver. 7.0 or more current.
Our team guarantees that any data taken from your network will not be disclosed, sold or published. Of course, this dialogue will also remain confidential.
Author
sdgadmin@tux.ovh