Negotiation chat with different groups

Victim
> Hi, my name is [redacted] and I am authorized to speak with you. Please contact immediately.

Akira
> Hello. You've reached an Akira support chat. Currently, we are preparing the list of data we took from your network. For now you have to know that dealing with us is the best possible way to settle this quick and cheap. Keep in touch and be patient with us. We will reach out to you soon. Do you have a permission to conduct a negotiation on behalf of your organization? Once we get a response you will be provided with all the details.

Victim
> I am part of the company, I am allowed to deal with you.

Akira
> List.txt.7z // 281 KB

Akira
> These files were taken from your network prior to encryption. You can pick 2-3 random files up to 10 MB each from the list and we will upload them to this chat as a proof of possession. To prove that we can properly decrypt your data you can upload 2-3 encrypted files up to 10 MB each to our chat and we will upload decrypted copies back. We're looking through your financial papers to come up with a reasonable demand to you. We offer:
> 1) full decryption assistance;
> 2) evidence of data removal;
> 3) security report on vulnerabilities we found;
> 4) guarantees not to publish or sell your data;
> 5) guarantees not to attack you in the future.
>
> Let me know whether you're interested in a whole deal or in parts. This will affect the final price.

Victim
> [redacted].mp4.akira // 1.17 MB

Victim
> [redacted].mp4.akira // 1.17 MB

Victim
> [redacted].pdf.akira // 3.32 MB

Akira
> Please wait.

Akira
> [redacted].mp4.7z // 1.13 MB

Akira
> [redacted].mp4.7z // 1.13 MB

Akira
> We won't provide you with the third file for an obvious reason.

Victim
> Here are the three files from your list ( 4,573,696 [redacted].xls - [redacted].xlsx - 109,056 [redacted].xls) that we would like to have decrypted. Of course, we would like to know your price for the whole package: 1. the decryption of our entire system. 2. the evidence of data removal. 3. the guarantee that our files will not be passed. 4. the security reports on vulnerabilities. 5. the security that we will not be the target of further attacks.

Akira
> Please wait.

Akira
> files.rar // 3.94 MB

Akira
> Here are the files. We will provide a quote for our services shortly.

Akira
> The price for the whole package is $150,000.

Victim
> Ok. So please tell us what is the price for our requested service.

Akira
> Which of these options are you interested in?
> 1) full decryption assistance;
> 2) evidence of data removal;
> 3) security report on vulnerabilities we found;
> 4) guarantees not to publish or sell your data;
> 5) guarantees not to attack you in the future.
>
> Let me know whether you're interested in a whole deal or in parts. This will affect the final price.

Akira
> The price for everything is $150,000.

Victim
> That is a lot of money, even for us. We can not simply organize that much. We can organize and pay $40.000. How should we transfer?

Akira
> We can't accept $40,000. The leadership is willing to accept $120,000 if you pay quickly. We can't consider 5 figure amounts, so let's save our time.

Victim
> We can offer $100.000. Please tell us quickly the way for the transfer and how we get our decrypter?

Akira
> $115,000 and we have a deal. Here is our BTC wallet ID for payment: [redacted]

Akira
> After payment you will receive a decryptor for each of your systems and manual on how to use it for particular file/system. You will be able to restore your infrastructure within 24 hours. If you face any problems during decryption process, we will be here to support.
>
> You will receive a deletion log which means the raid drives that contained the only copy of your data are fully formatted and erased.
>
> You will receive a security report that includes information about how we were able to penetrate your network, as well as exclusive first-hand information about the state of your network, the vulnerabilities that we found. What's more, you'll receive high-quality technical recommendations on eliminating any vulnerabilities and strengthening your network to secure your internal and external infrastructure.
>
> You will also receive written guarantees that we will not sell or publish your data, keep this conversation private, and delete this chat later. We won't come back for more money after payment and we won't attack you again.

Victim
> Ok. How will you send us the decrypter? We are also currently looking into setting up a wallet and purchasing BTC. This is new territory for us, so it's taking some time. If you have any recommendations on how to do this quickly and securely, let us know.

Akira
> We will upload unlockers to this chat.

Akira
> To gain bitcoins you have to go to any exchange platform as binance or coinbase. Here are the guides:
> https://www.coinbase.com/how-to-buy/bitcoin
> https://www.binance.com/en/how-to-buy/bitcoin
>
> You also can buy bitcoin from any local brokers. If you withdraw funds from your bank account, then you have to inform the bank that you need this money for investment purposes only.

Akira
> Hello. How's your progress?

Victim
> We are sorry, but we are struggling with issues at the bitpanda account. We spent the whole day setting up the wallet. It is now also set up, but the transfer of the balance is still ongoing. We are not able to transfer money today. We will get back to you as soon as possible. You can be assured that it is our goal to complete everything with you as quickly as possible.

Akira
> Standing by, thank you.

Akira
> Hello?

Victim
> Hello, we're still having minor issues with the bank and the Bitpanda account. Sorry, we'll resolve this as soon as possible.

Akira
> We have to close the case before the weekend. Standing by.

Victim
> We will make a test transfer now. Please inform us about the amount of the transfer, so we can check if everything worked well. In this case we will transfer the remaining amount.

Akira
> 0.000587 BTC received. You can proceed with the rest amount.

Victim
> We have transferred the remaining amount. Please confirm receipt of the agreed total amount and send the decryptor as soon as possible. We expect you to honour the agreed total package.

Akira
> Received, thank you.

Akira
> unlockers.7z // 2.1 MB

Akira
> unlocker.exe -p="path_to_unlock"
> unlocker.exe -s="C:\paths.txt"
> where "paths.txt" is a list of paths for the decryptor, each path on a new line
>
> ESXi commands
> 1) chmod +x unlocker
> 2) ./unlocker -p="/vmfs/volumes"

Victim
> After we made the agreed payment, please also send us the security report of vulnerabilities. If we have any problems to reset the system, we'll contact your support again. Please keep your promise!

Akira
> Initial access to your network was purchased on the dark web. Then kerberoasting was carried out and we got passwords hashes. Then we just bruted these and got domain admin password. Spending weeks inside of your network we've managed to detect some fails we highly recommend to eliminate:
>
> 1. None of your employees should open suspicious emails, suspicious links or download any files, much less run them on their computer.
> 2. Use strong passwords, change them as often as possible (1-2 times per month at least). Passwords should not match or be repeated on different resources.
> 3. Install 2FA wherever possible.
> 4. Use the latest versions of operating systems, as they are less vulnerable to attacks.
> 5. Update all software versions.
> 6. Use antivirus solutions and traffic monitoring tools.
> 7. Create a jump host for your VPN. Use unique credentials on it that differ from domain one.
> 8. Use backup software with cloud storage which supports a token key.
> 9. Instruct your employees as often as possible about online safety precautions. The most vulnerable point is the human factor and the irresponsibility of your employees, system administrators, etc.
>
> We guarantee that we will not sell or publish your data, keep this conversation private, and delete this chat later. We won't come back for more money after payment and we won't attack you again.
>
> We wish you safety, calmness and lots of benefits in the future. Thank you for working with us and your careful attitude to your security.

Akira
> log_erase.txt.7z // 171 KB

Author

sdgadmin@tux.ovh